agent-forge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests public third‑party content as part of runtime flows — e.g., examples/weather-bot's SKILL.md uses curl "wttr.in/<город>" to fetch live weather and the main SKILL.md/AGENTS.md/BOOTSTRAP.md describe Auto Handoff and sessions_history/web_search flows that read user messages and public web results, which the agent is expected to interpret and use to update memory and decide actions — exposing it to untrusted, user‑generated or public web content that could carry indirect prompt injection.