compete

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly mandates autonomous web collection and ingestion of public third‑party sources—e.g., "Core Contract: Always use WebSearch" and the Public Collection Checklist / Deep OSINT guidance (review sites, social media, Reddit, forums, pricing pages, GitHub, app store reviews)—and requires the agent to read, cite, and base analysis/decisions (battle cards, recommendations, alerts) on that content, which meets all criteria for exposure to untrusted user-generated content that could carry indirect prompt-injection.