workflow-tdd-plan-plan

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to pull web examples and perform "MCP External Research" (e.g., "Track 3: Web examples (use Exa MCP for unfamiliar tech/APIs)" in phases/02 and the mcp__exa__get_code_context_exa call in Phase 5), ingesting public/web-sourced content into the context-package.json and planning outputs that directly influence task generation and execution decisions, which could enable indirect prompt injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 12:46 AM