workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's review action explicitly says (references/actions/review.md — "Production execution") that if WebSearch/web capabilities are available it will search the open web (e.g., "production code review checklist", framework best practices) and synthesize results into the review, which means the agent may fetch and read arbitrary public third‑party content (untrusted/user-generated) as part of its workflow.