workflow-tdd-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs agents to perform "MCP external research" and advertises mcp/exa_web capabilities (e.g., mcp__exa__get_code_context_exa in phases/02-task-generate-tdd.md and the action-planning-agent prompt), which implies fetching and ingesting open-web / third-party content that the agent will read and use to influence task generation and execution decisions.