outline-writer

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Step 1.5, "Research bổ sung" (supplementary research), explicitly instructs the agent to run WebSearch for generated queries, extract findings from the web results, save them as research-notes.md, and append [R] items to the Content Map, which feeds the outline. Public, untrusted web content is therefore fetched and directly influences the agent's decisions and outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's Step 1.5 explicitly runs WebSearch at runtime and appends external pages (arbitrary "Source: url" results from the web search) to research-notes.md and the Content Map, which are then injected into the outline-generation context. External URLs fetched at runtime, i.e. arbitrary web search result URLs, can therefore directly influence prompts.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 09:13 AM