healthcare-providers-verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run nimble search/extract against public web pages and APIs (e.g., the Step 3 command nimble extract --url "https://npiregistry.cms.hhs.gov/api/...?..." --format markdown and numerous fallback nimble search/nimble extract calls) and to parse/interpret the returned markdown/HTML, so arbitrary third‑party web content can be ingested and materially influence verification decisions and subsequent tool/sub‑agent actions.