personalise

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts "a URL" as input and instructs the agent to "pull only the context you need" and to "skim" and interpret that input (SKILL.md: "You drop something in — a URL, a paste, a file path..."), meaning the agent will fetch and read arbitrary third-party web content which can directly influence personalization decisions and subsequent actions.