crest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires the agent to "eagerly Read existing GitHub/LinkedIn/blog profiles, prior posts, and Topic DNA indicators" as part of its AUDIT/DISCOVER workflow (SKILL.md / OPUS_47_AUTHORING P3), which means it will fetch and interpret untrusted public user-generated content (GitHub, LinkedIn, blogs, SNS) and use that content to drive positioning and next actions.