osv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states under "Core Principles & Rules" that the skill "Uses AI or DuckDuckGo to summarize vulnerability details from the web," which requires fetching and interpreting open/public web content (untrusted third‑party sources) that could influence the agent's follow‑up decisions.