spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly allows and instructs the agent to perform "web research" (Phase 2.3)—i.e., use web searches to consult public websites, competitor UX patterns, and regulatory sources—so the agent may fetch and read untrusted third‑party content as part of its workflow.