content-atomizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts "Full text or URL" as input (Input Gathering) and instructs the agent to "Read the full content" and extract hooks (Phase 1 / SKILL.md), showing it will ingest and act on arbitrary public URLs or live platform content (blogs, social posts, transcripts), which could contain untrusted user-generated instructions that materially influence subsequent actions.