workflow-tdd-plan-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs autonomous agents to fetch and incorporate external web examples and MCP results (e.g., Phase 2 "Multi-Source Context Discovery" Track 3: "Web examples (use Exa MCP for unfamiliar tech/APIs)" and Phase 5's "mcp__exa__get_code_context_exa" call), meaning untrusted third‑party content is ingested and synthesized into context that can influence planning and actions.