content-pillar-atomizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly allows a URL as pillar_content and instructs "If URL provided, use web_fetch to retrieve content" (Step 1 / Input Schema), meaning the agent fetches and ingests arbitrary public web content which it then interprets to drive generation and actions—exposing it to untrusted third-party input that could contain indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's workflow explicitly calls web_fetch on a user-provided pillar_content URL (i.e., any remote URL supplied as pillar_content) at runtime and injects that fetched text into the model context, so arbitrary external content can directly control prompts.