boss

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Architect and PM agent prompts (agents/boss-architect.md and agents/boss-pm.md) explicitly require using WebSearch/WebFetch to retrieve public web pages and external documentation for "技术调研" and "竞品调研" (marked as mandatory), meaning the agent will ingest untrusted, user-generated/open-web content and use it to drive architecture/PRD decisions and subsequent actions.