acp-extensions-authoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Before writing code" steps explicitly instruct fetching live docs from public third-party sources (e.g., web-searching GitHub for RFCs and fetching https://developers.openai.com/commerce/specs/checkout/), meaning the agent will ingest and act on untrusted web content that could contain instructions.