continuous-learning-v2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports importing instincts from arbitrary HTTP/HTTPS URLs (scripts/instinct-cli.py cmd_import uses urllib.request.urlopen to fetch web content) and the SKILL.md exposes the /instinct-import command, meaning untrusted third‑party web-hosted content can be parsed into "instinct" files that the agent loads and that can materially alter behavior.