llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required ingest/query workflow explicitly fetches and ingests public web and social-media content (see "source の取り込み: 通常の Web: WebFetch" in SKILL.md and the scripts/fetch-x.sh which uses agent-browser to retrieve X/tweet/article pages), so the agent will read untrusted, user-generated third-party pages as part of its workflow and those pages can influence subsequent tool use and write decisions.