architect-stack-selector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly adds RAG ingestion and Nostr client add-ons and parses "data/retrieval needs: RAG yes/no, source formats (pdf/markdown/html/csv/text)" in the Router Workflow and Selection Rules (e.g., "If user mentions RAG... add addon-rag-ingestion-pipeline" and multiple "Next.js Nostr client" compositions), which indicates the agent will fetch and interpret untrusted public/user-generated content (web/docs and social Nostr relays) that can materially influence subsequent decisions and actions.