skill-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's workflow explicitly instructs syncing and fetching external marketplace/docs (e.g., references/SYNC-TRACKING.md "Check for Marketplace Updates" with git fetch/git diff and listed sources like the Anthropic marketplace and agentskills.io), meaning it ingests public third‑party content which the agent is expected to read and use to decide merges/updates, creating a clear vector for indirect prompt injection.