trellis-meta

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's agent documentation explicitly grants the Research agent web-browsing tools ("web search, chrome-devtools") in references/claude-code/agents.md and describes calling the Research agent from workflows (e.g., Plan → Research) so the system can fetch and interpret open/public web content during normal operation, which can materially influence planning and subsequent agent actions.