agent-evaluation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly cites using public, user-generated sources such as "SWE-bench Verified: Real GitHub issues" and "WebArena: Web navigation tasks" (and includes external links) which indicate the agent will ingest/read arbitrary public web/forum content as part of evaluations, exposing it to untrusted third-party input that could enable indirect prompt injection.