skill-stocktake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md Phase 2 checklist explicitly instructs the launched subagent to "Freshness of technical references verified (use WebSearch if tool names / CLI flags / APIs are present)", which requires the agent to run WebSearch and ingest public web results (untrusted third‑party content) to inform evaluation and decisions.