yuc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and scrape public pages (e.g., "request https://yuc.wiki/" for quarter discovery and "Fetch the quarter page HTML" for parsing the quarter page), so it ingests untrusted third‑party web content (yuc.wiki quarter pages) that directly drives parsing logic and output decisions.