audit-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to "Fetch the URL" (Step 3) and perform "web search" (Step 4) to scan external public webpages and search results and then use that content to decide PASS/MISMATCH/UNVERIFIABLE for claims, so it reads and acts on untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches and scans arbitrary external URLs at runtime (e.g., https://www.pcma.org/...) and injects their page content into the audit context to verify claims, meaning remote content can directly influence agent prompts/decisions.