programming-advisor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 2 "Search for Existing Solutions (use web_search)") instructs the agent to fetch and interpret public web/package sources (npm/pip/cargo, SaaS sites, GitHub, etc.) and then use that untrusted, user-generated content to drive recommendations and integration steps, creating clear exposure to indirect prompt injection.