source-ingestion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and analyzes public third-party sources (e.g., "web pages", arXiv, Semantic Scholar, Zotero" in SKILL.md and references/repository-contract.md), and requires the agent to read/interpret those sources to extract claims and update ledgers/wiki, so untrusted content could materially influence agent actions.