create-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes a fetch tool that "Fetch[es] content from URLs" (see "Available Tools: fetch" and the Research/Planning agent templates that include fetch in their frontmatter), meaning the agent can retrieve and read arbitrary public web content and thus could be exposed to indirect prompt injection.