skill-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly mandates fetching and inspecting remote skills from public sources (see references/remote-sources.md which names playbooks.com and GitHub) and references/research-workflow.md plus SKILL.md require downloading, reading, and using that downloaded corpus as evidence that will influence synthesis, so the agent will ingest untrusted third-party content that can change its actions.