devpilot-learn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch arbitrary web pages using "WebFetch" ("For URLs: Use WebFetch to retrieve the page") and the evals include external article URLs, so the agent ingests untrusted public web content and reads/interprets it to drive summarization and file-generation behavior, enabling indirect prompt-injection risk.