security-vulnerability-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and examples (SKILL.md and references/canonical.md / real-responses.md) explicitly ask reporters to provide exact URLs, reproduction steps, and include external links (e.g., gist.github.com, stream.mux.com) that the agent is expected to read and act on, which exposes it to untrusted third‑party content that could contain injected instructions.