boss

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs Agents (e.g., agents/boss-architect.md and agents/boss-pm.md) to use WebSearch and WebFetch to retrieve and ingest external web documents and competitor content for technical research and PRD/architecture decisions, meaning untrusted third‑party content from the open web will be read and can directly influence tool use and downstream actions.