external-resource-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Reference Protocol and domain axes (SKILL.md and references/*, e.g., "use the access method declared in the project tier (e.g., the named MCP, the URL, the file path) to fetch the actual resource content" and axes that list "public documentation URL" / "hosted mock service (URL)") explicitly require agents to fetch and read external URLs/hosted resources, exposing them to untrusted third-party content that could influence actions.