travel-requirements-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Phase 3 research explicitly directs the agent to run MCP web searches (mcp__perplexity__search and mcp__plugin_exa-mcp-server_exa__web_search_exa) to ingest real-time public web content such as travel reports, reviews, and venue information (references/requirements-workflow.md and SKILL.md), which the agent must read and use to drive follow-up questions and itinerary decisions—creating a clear avenue for untrusted third-party content to inject instructions indirectly.