development-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow's Step 1 (skill-researcher) explicitly instructs performing web searches and GitHub/MCP server research—ingesting public web pages and repositories that the agent will read and synthesize—so it clearly consumes untrusted third‑party content.