mpp-conformance
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md "Before writing code" steps explicitly direct fetching live docs from public sites (https://paymentauth.org/, https://datatracker.ietf.org/doc/draft-ryan-httpauth-payment/) and web-searching public docs (e.g., site:docs.stripe.com), so the agent will ingest untrusted third-party web content that can materially influence conformance decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching external docs at runtime—https://paymentauth.org/ and https://datatracker.ietf.org/doc/draft-ryan-httpauth-payment/—and requires using those documents to drive conformance checks, so the fetched content would directly control the agent's prompts/behavior.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata