research-codebase

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the codebase-online-researcher agent to fetch live web content from external sites using playwright-cli / curl (see "For online search" section instructing token-efficient fetch order and persisting results under research/web/), which clearly ingests untrusted third-party webpages that the agent will read and use in its research outputs.