readme-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and interprets public third‑party content as part of its required workflow — e.g., Layer 4 Link Integrity uses "WebFetch: url=..." to check external URLs and the script-executor/validation steps call public package registries ("npm view", "pip index") and test demo URLs — so untrusted, user‑generated web content can be read and can influence validation and execution decisions.