lessons-learned

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires searching public third‑party sources (Seats.aero, airline websites such as airfrance.com and united.com, SerpAPI/Skiplagged/Kiwi) and instructs the agent to read and act on those site results (trace transfer chains, verify availability, and make booking/value decisions), exposing the agent to untrusted web content that can materially influence next actions.