ce-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly runs external research agents that fetch public documentation and web sources (e.g., Phase 1.2–1.3 "ce-framework-docs-researcher"/"ce-best-practices-researcher" and the Deepening Workflow 5.3.6 which dispatches agents to read external references and write artifacts), and it also says it will "discover" or fetch user-provided URLs—so the agent will ingest untrusted, public third‑party content and use those findings to change planning decisions.