ucp-buyer-consent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Before writing code" instructions explicitly tell the agent to fetch live docs from public sites (https://ucp.dev/specification/buyer-consent/, https://ucp.dev/specification/overview/ and web-searches including site:github.com), meaning it ingests untrusted third‑party web content that can materially influence implementation decisions.