skill-review
Warn
Audited by Snyk on Mar 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). SKILL.md (Review Process steps 3–4) and references/checks-references.md explicitly require using WebFetch to fetch every http(s) URL found in SKILL.md, README.md, and reference files — causing the agent to read arbitrary public web pages whose content is used to decide checks and thus can materially influence actions, creating a clear vector for indirect prompt injection.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).