PAIUpgrade
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third-party content: blogs, docs, changelogs and GitHub repos via Tools/Anthropic.ts and sources.json, plus YouTube transcripts via yt-dlp/VideoTranscript in Workflows/CheckForUpgrades and FindSources. It then reads and acts on that content to generate recommendations and drive follow-up actions, so untrusted content could indirectly inject instructions into the agent's workflow.