ap2-intent-mandate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Before writing code" workflow explicitly instructs the agent to fetch live docs from third‑party sites (e.g., https://ap2-protocol.org/specification/, https://ap2-protocol.org/topics/core-concepts/) and to web-search GitHub for AP2 intent mandate samples, so the agent will ingest and act on untrusted public web content that can materially influence implementation and behavior.