ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs WebSearch as part of Step 4 (Test Framework Bootstrap) and invokes codex with web_search_cached in the design-review flow (Step 9), reading public web pages and search results and using those findings to choose/install frameworks and drive code changes — i.e., it ingests untrusted third-party content that can materially change tool actions.