agentic-rules-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly tells the agent to "search the web for the official documentation" when topics aren't covered (Knowledge Sources / Phase 5) and to "use web search to gather details" for obscure personas (Q19 in the questionnaire), meaning it will fetch and ingest open/public third‑party content (docs, blogs, Stack Overflow, etc.) that can materially influence generated rules and actions.