research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s workflow explicitly includes “Scrape complete documentation sites” and “Find all relevant URLs in documentation sites,” which at runtime would fetch outsider-authored public web documentation text and feed it into the agent’s LLM context for summarization.