slash-command-encoder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly includes multi-model commands that fetch real-time web information (e.g., the "Multi-Model Skills" section and examples like "/gemini-search 'Best practices for React 19' | /codex-auto ..."), showing the agent ingests public web content and then pipes that untrusted content into downstream commands, so third-party content can materially influence behavior.