self-learning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to use web search, read/extract content from selected public URLs, and even use browser automation to navigate and scrape documentation and examples (see "Discover Sources (Web Search)", "Extract Content (URL Reading)", and "Browser automation"), which means the agent will ingest untrusted third-party web content that can influence its generated skills and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs web search and uses browser automation to fetch and extract content from discovered external URLs at runtime (the "selected URLs" found via web search/browser agent), and that fetched content is then injected into the agent's context to synthesize skill prompts/instructions—so arbitrary remote pages (the discovered external URLs) can directly control the agent.