forge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documentation (e.g., SKILL.md, design-skill-fusion-methodology.md, and forge-qa/forge-dev steps) explicitly instructs the agent to perform WebSearch and use a browse tool (gstack/browse, design-consultation Phase 2, "按需 WebSearch", and pulling Vercel guidelines) to fetch and ingest public web pages/competitor sites whose content the agent is expected to read and use to drive recommendations and actions, exposing it to untrusted third‑party content that could carry indirect prompt injection.