security-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly tells the agent that "If you are unsure you can try to search online for documentation on security best practices," which directs it to fetch and interpret open/public web content (untrusted user-generated sources) that would influence security reports and fixes.