qa-debugging

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires using "web search/web fetch" for fact-checking and mandates handling URLs/domains/third‑party payloads at the "External Input Normalization Boundary", which means the agent will fetch and interpret open/public, untrusted third‑party content (URLs, web pages, payloads) as part of its workflow and those inputs can materially influence troubleshooting actions and recommendations.