deslop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly requires fetching page content from a URL and "apply the workflow to the prose" (Input handling: "URL: fetch the page content, then apply the workflow to the prose"), so the agent will read and act on arbitrary public web content which could carry injected instructions.