acp-intent-traces

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch live docs from public web sources (e.g., web-searching GitHub for the intent_traces RFC and fetching https://developers.openai.com/commerce/specs/checkout/), meaning the agent will ingest and act on untrusted third-party content as part of its required workflow.