stepwise-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md includes explicit "Network Request Verification" and "test_third_party_behavior" instructions that call requests.get(url), perform DNS/TCP checks, and read response.text for arbitrary URLs—i.e., the workflow directs fetching and interpreting untrusted public web content which could materially influence assertions and subsequent actions.