project-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's /explore-idea and research phases explicitly instruct the agent to use "WebSearch" and an "Explore subagent" to find and read GitHub examples, public websites, and other online docs (e.g., "Find GitHub examples", "WebSearch: 'similar tools'"), which exposes the agent to untrusted, user-generated third‑party web content that it will read and interpret.