project-initializer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires performing "WebSearch" in Phase 2 (and references/web-search-strategy.md) to fetch public sources (official docs, GitHub releases, community blogs) and then uses those search results to decide versions and scaffold/installation commands in Phase 3–4, so untrusted third‑party content can directly influence actions.