write-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required Phase 1 Research explicitly tells the agent to "Google the topic and read the top 5 results" (SKILL.md, Phase 1), meaning it fetches and ingests open/public SERP content (untrusted third‑party pages) and uses those findings to choose content type and shape subsequent actions, so third‑party instructions could materially influence behavior.