learn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 "Discover" and "Fetch" steps explicitly instruct the agent to use web search or an installed search plugin and to fetch arbitrary public URLs via the /read step (saving them to ~/Downloads/{title}.md), and Phase 2–4 require the agent to read and act on those third‑party sources to guide research and writing decisions, which exposes it to untrusted user-generated or public web content that could carry indirect prompt injections.