acp-affiliate-attribution

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md's "Before writing code" explicitly requires the agent to web-search public GitHub (site:github.com) for the affiliate_attribution RFC and to fetch https://developers.openai.com/commerce/specs/checkout/, so the agent will ingest open/public third‑party content (GitHub and external docs) that can materially influence implementation and actions.