business-requirements

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Discovery Research phase explicitly dispatches sub-agents (e.g., "competitor-scan" and "prior-art") to collect "public info" and store/distill raw third-party content into docs/requirements/research/, meaning untrusted web/user-generated content from the open web is ingested and used to influence BRD drafting and subsequent actions.