kata-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads references/debugger-instructions.md (step 3 "Read Instruction Files") into spawned subagent prompts, and that instructions file directs agents to perform web searches and consult GitHub issues/official docs (public, user-generated sources), which the agent is expected to read and use to drive hypotheses, tests, and fixes—exposing it to untrusted third-party content that can influence subsequent actions.