developing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The researching-codebase workflow explicitly instructs the agent to perform web research—see workflows/researching-codebase.md Step 3: "For web research (only if user explicitly asks): Use the web-search-researcher agent for external documentation and resources"—which means the agent can fetch and read arbitrary public web content that could contain untrusted, user-generated instructions and then synthesize those findings into next actions.