research-to-plan
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). Phase 1 of SKILL.md, "Early Crawl Dispatch", explicitly instructs a crawler to run firecrawl:crawl against full public documentation sites (e.g., https://react.dev, https://nextjs.org/docs and other indexed docs). In Phase 2 the researcher runs firecrawl:query/firecrawl:retrieve against those indexed public docs and acts on the results to influence design and plan decisions. Untrusted third-party web content is therefore fetched and directly drives agent actions.