bg-jobs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill runs arbitrary shell commands (bg run) and explicitly shows an example fetching a URL (bg run "curl -O https://example.com/large_file.zip"), stores and exposes stdout/stderr in records (records//stdout.txt) and provides bg read / bg wait --match which require reading and acting on job output, so untrusted public web content could be ingested and influence agent behavior.