skill-auditor

Warn

Audited by Snyk on Apr 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The auditor's required Step 5 Execution Testing instructs Claude to "construct the request, execute, capture response" for API-mode skills (Mode C), and the evaluator script even detects API patterns in SKILL.md. As a result, the auditor will call endpoints documented in the target skill and ingest those external responses as part of its evaluation. If the audited skill points to public or untrusted APIs or URLs, this exposes the agent to arbitrary third-party content (potential indirect prompt injection).


Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 03:14 PM
Issues: 1