research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to run Gemini or WebSearch queries and to read GitHub repositories via the docs-seeker (e.g., "use WebSearch", "execute gemini ...", "When you found a potential Github repository URL, use docs-seeker"), meaning the agent will ingest and act on untrusted public web/user-generated content that can influence its decisions.