learn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 "Collect" instructions in SKILL.md explicitly require downloading and converting public URLs ("Convert a URL to Markdown... Use /read for individual pages" and "automate with curl + r.jina.ai"), meaning the agent will fetch and ingest open/public third‑party content (potentially user‑generated) that can influence its subsequent analysis and actions.