weco

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required evaluation workflows and templates (e.g., references/eval-accuracy.md, references/eval-llm-judge.md and the SKILL.md "Generate Evaluation"/"Evaluate" steps) explicitly instruct downloading and loading datasets from public URLs (raw GitHub URLs, Hugging Face, Kaggle, arbitrary URLs) and using that untrusted, user-generated content as evaluation input that directly drives optimization decisions and tool actions, creating a clear avenue for indirect prompt injection.