spring-refresh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "refresh" workflow (SKILL.md Mode: refresh) instructs invoking the core:deep-research tool to refresh local research docs — and EXAMPLES.md and TROUBLESHOOTING.md explicitly state deep-research may use EXA web search / WebFetch / WebSearch to pull public web content (e.g., GitHub and web pages), which the agent then reads and uses to decide updates, so untrusted third‑party content can influence its actions.