custom-agent-definitions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly defines agents (e.g., "research-agent" and "Read-Only Research Agent") with allowed-tools: WebSearch and WebFetch and instructs them to "Search for information and provide findings," meaning the agent will fetch and interpret open/public web content that could contain untrusted, user-generated instructions.