ah-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's protocol docs (references/protocol-reference.md) and SKILL.md explicitly describe relay HTTP endpoints and generic A2A ingress that accept remote/platform requests whose request body includes "content" and forward those untrusted external requests into the daemon/runtime, so third-party content can be ingested and materially influence agent behavior.