opencode-agent-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's templates and documentation (e.g., references/agent-types.md "Security Auditor" pattern and the frontmatter spec in SKILL.md/references/frontmatter-spec.md) explicitly enable and instruct use of the webfetch tool to "check CVE databases, security advisories" and fetch web content, so the agent is expected to ingest public third‑party webpages which can materially influence decisions and tool use.