research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open web content (e.g., SKILL.md Tool Priority lists web_search and WebFetch to npmx.dev, and references/verification-patterns.md and references/npm-package-research.md require WebFetch of arbitrary URLs and GitHub via gh api) and directs the agent to read/interpret those pages to drive verification and decision-making, which exposes it to untrusted third-party content that could carry indirect prompt injection.