plan-first-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs "Have Claude Code search the web and update them to latest versions" in references/decision-tracking.md, which requires fetching and integrating public web content (untrusted/user-generated) that the agents will read and use to update plans and docs, enabling indirect prompt injection risk.