source-ingest

Warn

Audited by Snyk on Apr 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary remote URLs listed in sources/manifest.yml (SKILL.md: "Network: required for remote URLs" and "Accept local file paths or remote URLs"), and the script implements live fetching and crawling of web pages, repos, PDFs and subtitle APIs (e.g., _fetch_url_text, _fetch_json, _ingest_docs_site, _ingest_repo), so untrusted third-party content from the open web can be pulled in and influence downstream processing.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 15, 2026, 06:47 AM
  • Issues: 1