athena-work

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly reads user-provided .athenabrief package files (notably brief.md and manifest.json), treats the brief as a zero-instruction instruction set ("When the brief contains clear instructions ... proceed without asking") and will follow manifest/brief "webResearchInstructions" by delegating to web search tools, so untrusted user/web content in the package or fetched from the open web can directly influence agent actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 08:36 AM