opencode-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables and instructs agents to use webfetch to fetch public web content (e.g., assets/templates/security-auditor.json sets "webfetch": "allow" and assets/templates/prompts/security-auditor.txt / SKILL.md instruct the agent to "use webfetch to check for CVEs or security advisories"), so the agent will ingest and act on untrusted third‑party webpages that could carry indirect prompt injection.