spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs autonomous subagents to run web/OSS research and to "investigate third-party dependencies" (see the SKILL.md sections "When the design depends on third-party code" and references/research-playbook.md "Third-party dependency investigation"), which fetch and interpret untrusted public web content (docs, GitHub/issue threads, StackOverflow, blogs) as evidence that can change decisions and actions.