templater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md's Web Module (tp.web) clearly lets templates fetch arbitrary public URLs (tp.web.request and helpers like tp.web.daily_quote / tp.web.random_picture), and those fetched, untrusted third‑party responses are inserted into and can drive template execution (file creation/renaming/etc.), so external content can materially influence agent actions.