pooch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md and references/registry.md explicitly instruct the agent to download and fetch files from arbitrary public URLs/DOIs (e.g., Zenodo DOI, https://github.com/.../raw/..., example base_url and mirror URLs) and the workflows show the agent reading/processing those fetched files (including extracted archives), so untrusted third‑party content could be ingested and influence analysis/next actions.