cognitive-accessibility

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly says "When Used Standalone ... It accepts page URLs, component files, or plain text content blocks," indicating the agent fetches and reads arbitrary public page URLs as part of its workflow, which could allow untrusted third-party content to influence assessments and follow-up actions.