chain-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs fetching and acting on external public content — e.g., the MCP fallback in references/mcp-detection.md uses WebFetch("https://docs.example.com/api") and references/cron-monitoring.md runs gh/api checks via CronCreate against GitHub — which the agent reads and uses to make decisions (CronDelete/alerts, fallbacks), exposing it to untrusted third-party content that can influence behavior.