link-validation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly "Runs lychee to check for broken links" (SKILL.md) which causes the agent to fetch and inspect arbitrary external URLs referenced in workspace markdown (troubleshooting notes mention 403s and slow external sites), exposing it to untrusted third-party content that could influence link-check outcomes and downstream decisions.