devops-workflow-engineer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's agentic-workflows documentation (references/agentic-workflows-guide.md and the SKILL.md Agentic Workflows section) explicitly lists a "web-search" tool for searching the public web and shows agentic workflows that read instructions and then use tools like file-write and workflow-trigger, meaning the agent can ingest untrusted, user-generated public web content and let that content influence automated actions.