policy-redraft

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md workflow (Step 2: "check (via research MCP, web search if enabled, or the Federal Register docket)" and Step 1c allowing "A fetched regulation") explicitly requires fetching public third‑party web content (e.g., Federal Register / web search) as inputs that the agent must read and that materially affect redraft decisions, so it exposes the agent to untrusted third‑party content that could carry indirect prompt injection.