swain-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows in SKILL.md (notably "Step 2 — Collect and normalize" and the Snapshot evidence gate) explicitly fetch and normalize web pages, forum threads, video/audio, Google Docs and arbitrary URLs and then use that content to build manifests and syntheses that drive trove creation/extension/refresh decisions (including paywall-proxy fallbacks), so untrusted third‑party content can materially influence the agent's actions.