ima-skill

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public URLs and web content as part of its required workflows (see knowledge-base/SKILL.md: URL type detection, curl -sI -L HEAD checks, curl -sL downloads, and the import_urls flow). The root SKILL.md/notes sections also explicitly treat WebFetch/HTTP responses as sources requiring UTF-8 conversion. Untrusted third-party content is therefore read by the skill and can affect subsequent tool calls and decisions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 11:03 PM
Issues: 1