research-archival

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly scrapes and ingests content from public third‑party sources (ChatGPT/Gemini/Claude share URLs and arbitrary web pages via the "Scraping Workflow" and references/url-routing.md using Firecrawl and Jina Reader) and then reads and incorporates that content into archived markdown and GitHub issue bodies, so untrusted user-generated pages could indirectly inject instructions that alter agent behavior.