paseo-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and examples explicitly instruct worker/verifier prompts to check external resources (e.g., "Check the CI status of PR #42 using gh pr checks 42" and verifier prompts that run npm test or inspect PRs), and the loop launches agents (paseo run) with modes that permit external access, so the agent is expected to read and act on untrusted third-party content (GitHub/CI outputs and other public resources) as part of its workflow.