workflow-runner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and ingests role .md files from an agents directory (e.g., ./agency-agents-zh/, ../, relative to the YAML, or node_modules and even suggests git clone https://github.com/jnMetaCode/agency-agents-zh.git) and requires including the full text of those third-party role files in agent prompts, so untrusted public content can directly control agent behavior.