source-quality-control

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and its referenced files (e.g., references/engineering-source-validation.md and references/research-source-synthesis.md) explicitly instruct the agent to fetch and use external sources such as official docs, release notes, maintainer comments, high-signal issues and community tutorials (public/user-generated content) as part of its evidence-gathering and decision workflow, which could allow indirect prompt injection from untrusted third-party content.