agent-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to use external "skills" (e.g., "twitter", "coingecko") and to "search, fetch, analyze" public content — see SKILL.md/team workflow examples ("btc-fetcher" workers: "Fetch BTC tweets") and the daemon/scheduled templates (templates/daemon_run.py and templates/scheduled_run.py) that drive agents to ingest and act on third‑party, user‑generated web content, which can materially influence subsequent tool use and decisions.