printing-press

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests content from public third-party sources (e.g., Phase 0 URL detection using WebFetch, Phase 1.5 web searches/GitHub repo reads, Phase 1.7 browser-sniff which may open/attach to Chrome and capture site traffic, and Phase 1.8 "crowd-sniff" searching npm/GitHub and fetching the public registry.json), and those untrusted pages and community artifacts are parsed and absorbed into the manifest and gate decisions that directly influence subsequent tool actions and generation steps.