learn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's Phase 1 "Discover" and "Fetch" steps explicitly ingest arbitrary public URLs (using /read or native WebFetch/curl) and Phase 2 requires the agent to "read it fully" and use those sources to drive the outline and writing, so untrusted public web content could materially influence decisions and tool use.