d3k

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs the agent to open and crawl arbitrary web pages (see "Browser Interaction" open http://... and the "Creating PRs with Before/After Screenshots" examples opening production URLs and capture_before_after_screenshots), which causes the agent to fetch and act on untrusted public site content that could influence actions.