fact-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs Opus and the Sonnet sub-agent to perform "WebSearch で一次ソースを確認" (Steps 2, 3 and the dispute resolution in Step 4), meaning the agents fetch and interpret public web content as authoritative evidence that can change classification and follow-up actions, which exposes them to untrusted third-party content.