Delegation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs full-delegation agents to use tools autonomously including "file reads, searches, web" and states "Needs to read files, search, or browse" and "Agent uses tools autonomously (Read, Grep, Bash, etc.)", which indicates agents will fetch and interpret open/public web content that could contain untrusted, user-generated instructions influencing subsequent tool use and decisions.