opengrep-rule-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Vulnerability Research Plan (in SKILL.md and OPENGREP_RULE_GENERATOR_PROMPT.md) explicitly requires using WebSearch/WebFetch to fetch public pages (e.g., CWE and OWASP URLs) and to ingest their content to drive rule-mode selection and rule generation, so untrusted third-party web content can meaningfully influence the agent's actions.