skillkit
Warn
Audited by Snyk on Mar 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow (Section 2 "Phase 1: Decision & Research" / "Research and proposals"), together with the changelog and docs that explicitly state "Web search for domain research (3-5 queries)" and the v1.2.0 "Verbalized Sampling" guidance, shows that the agent is expected to perform public web searches and ingest external web results as part of its core workflow. This could allow untrusted third-party content to influence subsequent decisions and tool use.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata