create-worker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Research Agent" template and the "Available Tools" section explicitly list and instruct use of WebSearch/WebFetch ("Use web search for external docs" in the Research Agent workflow), so the agent is expected to fetch and interpret open/public web content (untrusted user-generated sources) as part of its workflow, which can materially influence its decisions and tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly documents giving agents powerful tools (Bash, Write/Edit) and options like "bypassPermissions" and "acceptEdits" or omitting the tools field for full access, which encourages skipping permission prompts and modifying files — creating a clear risk of compromising machine state.