nutmeg-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts user-provided URLs for "visual inspection" (see the "User provides a URL or says 'check how it looks'" row and the chart-reviewer template "[If visual inspection: URL or instructions to render]" in SKILL.md), which means the agent would fetch and interpret arbitrary third‑party web content as part of its review workflow and thus could be exposed to indirect prompt injection.