ap2-cryptographic-signing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Before writing code" section explicitly instructs the agent to fetch live docs from public websites (https://ap2-protocol.org/specification/ and https://ap2-protocol.org/topics/privacy-and-security/) and to perform web searches (site:github.com and general web-search), which are untrusted third-party sources the agent is expected to read and use to determine implementation details.