research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Research Process explicitly requires searching and ingesting public, user-generated sources (e.g., "Identify open-source projects on GitHub, npm, PyPI, crates.io" and reporting stars, last commit, licenses), so the agent will read untrusted third-party content and use it to drive recommendations.