bookstrap-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow (Step 3 "Delegate to BRD Creator" listing "Research Sources: ... URLs for ingestion" and the referenced next step "/bookstrap-ingest") explicitly requires ingesting arbitrary external URLs, meaning the agent will fetch and read untrusted third‑party web content that can influence its actions.