dogfood

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly requires a target URL and directs the agent to use agent-browser to "orient on the app" and "explore the app systematically" (see Workflow and Defaults), so the agent will fetch and interpret arbitrary public web content from the target site that could contain untrusted, user-generated instructions.