planning-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 3 Research explicitly requires performing WebSearch and "If input is URL → WebFetch phân tích nội dung", so the agent will fetch and ingest open/public third‑party web content that directly informs outlines and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly says "If input is URL → WebFetch phân tích nội dung", meaning a user-supplied URL is fetched at runtime and its content is injected into the agent's context to drive outline generation, so user-provided URLs (web fetch) are runtime external dependencies that directly control prompts.