setup-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly asks for arbitrary agent endpoint URLs and instructs the system to test and interact with them (Phase 2: "What is your agent's endpoint URL?", Phase 5: "attempt a basic connectivity check") and the reference (references/connection-types.md) states Coval sends chat/websocket/API requests to those external endpoints and reads their responses, so untrusted third‑party content can be ingested and influence behavior.