fleet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Step 2 "Ping & Collect" shows the tool calling remote oracles (via maw hey $MAW_ADDRESS ...) to fetch their reported "version, skill count, last commit" for each contact listed in contacts.json, so it clearly ingests untrusted third-party responses from arbitrary nodes and uses those responses to populate the census and drive status/diff decisions.