missing-protections-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 explicitly states that if a URL is provided the agent will "fetch it using WebFetch" (SKILL.md, "Read the Contract"), meaning it ingests arbitrary public URLs and uses that content to determine contract protections and drive suggested actions, which allows untrusted third-party content to influence behavior.