learn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md description explicitly says the skill "Research any topic online by gathering online resources" which requires fetching and ingesting public web content (third-party sites) that the agent will read and use to build RAG indexes and guides, exposing it to untrusted user-generated content that could contain indirect prompt injections.