acp-fulfillment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md's "Before writing code" explicitly requires fetching the live checkout spec at https://developers.openai.com/commerce/specs/checkout/ and performing web searches on public GitHub for the FulfillmentOption JSON schema, so the agent will ingest and act on public third‑party (including user‑generated GitHub) content that could contain instruction-like or malicious text.