runbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's seeding and loop templates (references/seeding-guide.md and references/loop-prompt.md) explicitly allow the Authority to be a URL and instruct the loop to "look it up online" and "consult the authority" during discovery, meaning the agent will fetch and act on arbitrary external web content that can influence decisions.