takt-workflow-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and facet instructions explicitly permit and require fetching external content—e.g., the example step provider_options (plan) allows Claude tools "WebSearch" and "WebFetch", and facets like references/takt/builtins/ja/facets/instructions/research-dig.md and gather-review.md instruct downloading public data and running "gh pr view"/"gh pr diff" to ingest GitHub PRs—so the agent will read and act on untrusted, user-generated third‑party content that can influence its actions.