official-hotkey-ingestion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md and references/source-discovery.md) explicitly instructs the agent to discover and read official public websites and pages (including reading a site's llms.txt and extracting shortcut pages) and to use that extracted content to generate and execute idempotent SQL, so it ingests third‑party public web content that directly drives actions like SQL generation and database writes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly says it will fetch and "read llms.txt" from the official docs root (e.g., https:///llms.txt) at runtime and use that file as an index to guide what pages and instructions the agent follows, meaning external content directly controls the agent's browsing/extraction behavior.