workflow-plan-execute

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 context-search-agent explicitly includes "Track 3: Web examples (use Exa MCP for unfamiliar tech/APIs)" and MCP/exa_web capabilities as inputs to build the context-package.json, so agents will fetch and synthesize open/public web examples (untrusted third-party content) and read/interpret them as part of the workflow.