planning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's spec-driven workflow (references/spec-driven-iterative-builder.md) explicitly instructs the agent to "Use web search to find fixes or alternative approaches" and to "capture sources and key takeaways in the spec," which requires ingesting and acting on public web content that could carry untrusted/user-generated instructions.