bellingcat-investigation-toolkit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill’s SKILL.md explicitly instructs agents to consult and “prefer live GitBook or GitHub src / generated pages” and to “verify links and capabilities on the official page before prescribing steps,” which requires reading public, third-party (GitHub/GitBook) content that can affect recommendations and tool use.