html-thread-recap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly accepts and instructs the agent to "read" a pasted transcript or log file as input ("The conversation source is... a pasted transcript or log file"), so untrusted user-provided / public content is ingested and can directly shape decisions and the agent's subsequent outputs.