browse-and-evaluate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's workflow and gotchas explicitly state that upstream (non‑vendored) skills are fetched at install/preview time (see SKILL.md: "Upstream (non-vendored) skills require a network fetch at install time" and the preview/install steps), meaning the agent will read untrusted third‑party skill content that can influence installation and subsequent behavior.