agent-contacts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's Add flow (SKILL.md "Add: /agent-contacts add ") fetches and parses an arbitrary third-party discovery file at the provided URL (/.well-known/agent.json) and uses fields like name, capabilities, and mcp_url to register and enable tools, so untrusted content from public agent URLs can materially influence the agent's behavior.