research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly instructs the agent to fetch and read public GitHub issues (gh issue view), follow external links/read upstream sources, and fetch live pages (https://docs.docker.com//), all of which are open/public, potentially user-generated content that the agent must interpret and that can materially influence its remediation decisions.