vm0

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs (SKILL.md and references/volumes.md and references/artifacts.md) explicitly show listing, downloading, extracting, and mounting volumes and artifacts (user-provided input files and agent-produced outputs) from the VM0 service, which are untrusted, user-generated content that the agent is expected to read and can materially influence run behavior.