skill-security-framing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly fetches and processes external web content (e.g., "Fetch via WebFetch", the example "Analyze this article: https://example.com/article", and the mandatory security-framing workflow) and passes that untrusted third‑party content to subagents for analysis, so it clearly ingests public/untrusted content that could contain indirect prompt‑injection attempts despite framing protections.