research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly directs the agent to fetch and read arbitrary web pages and clone public repositories (see SKILL.md's "WebFetch URL → read content" and references/verification-patterns.md "Pattern 1: URL Research" and references/repo-cloning-pattern.md's example clone of a GitHub repo), meaning it ingests open/public third‑party (potentially user‑generated) content for interpretation.