content-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs that if the user provides a URL the agent should "Use WebFetch" to retrieve YouTube/video transcripts, article content, or podcast transcripts (see "Obtain the Content" section), meaning it ingests untrusted public web/user-generated content and must read and act on that content to produce outputs—exposing the agent to potential indirect prompt injection.