context-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs research sub-agents (see agents/options-researcher.md and deepen-plan.md) to fetch and analyze public third-party sources such as GitHub repos, company blogs/docs (e.g., "Research how enterprise companies (Stripe, Square)" and "Find top GitHub repos"), so the agent will ingest untrusted/user-generated web content as part of its workflow.