audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly audits "a URL" using the audit_live flow ("try first for any URL" / "For a URL — audit it"), which fetches and inspects live DOM content from arbitrary public websites and uses those DOM-derived findings (Source: lines, rule output) to drive analysis and code-edit decisions, exposing the agent to untrusted third-party content.