task-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts URLs as input and instructs agents to list and read referenced docs/URLs (see SKILL.md "Accept input as a file path, URL, pasted text..." and references/backlog-format.md's Reference table), so it will ingest third‑party web content that can influence task decomposition and downstream agent actions.