chain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and audits untrusted third-party SKILL.md files, bundled scripts, external URLs, and MCP server tool-description JSONs (see "Core Contract" and the "External URL Audit" / "MCP Server Pinning" sections of SKILL.md), so user-generated or public content is read and can materially influence audit decisions and tool usage.