flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly delegates "research requiring web search" (Delegation Decision Tree) and the research workflow (commands/research.md and references/research.md) instructs agents to verify via web search and include URLs/sources, so the agent is expected to fetch and read open/public third‑party content whose instructions could influence planning/execution steps.