developing-with-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions explicitly instruct agents to ingest and use external public sources as runtime context — e.g., INSTRUCTIONS.md and references/CONTEXT-ENGINEERING.md ("Option 2: External Wiki" / "Context Stack" with URLs), domain notes that say "Figma URL を直接プロンプトに含める", and references/AGENT-AND-PROJECT.md (MCP registry https://registry.modelcontextprotocol.io/) — meaning the agent is expected to read/interpret untrusted third‑party webpages/URLs which can materially influence actions, creating a clear indirect prompt-injection risk.