surf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to fetch and ingest public, untrusted third‑party content (e.g., news via search-news/news-feed, social posts via social-user, and arbitrary webpages via web-fetch) as part of its core workflow in SKILL.md, which could allow indirect prompt-injection from that content.