opencode-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly describes a "librarian" subagent for "external documentation lookup, web research" and includes examples like "Use librarian to find the official React docs..." and "search for best practices..." which indicate the agent will fetch and interpret public web pages and documentation (untrusted third‑party content) as part of its workflow, allowing external content to influence decisions and actions.