millionaire-fastlane

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's sources manifest (sources.md) explicitly lists public web resources and instructs the agent to "verify via WebFetch as needed" (e.g., mjdemarco.com, thefastlaneforum.com, Mixergy, Goodreads, Amazon links), which means the agent may fetch and read untrusted, user-generated or public web content during runtime and thus could be exposed to indirect prompt-injection from those third-party pages.