wave-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md Plan File Format includes a wave promptTemplate that explicitly instructs waves to "Do 3-5 WebSearch queries" and the runtime flow states "Claude executes wave tasks" (via the Claude Agent SDK query() in fresh Bun subprocesses), so the agent can fetch and act on open web/search results which are untrusted third-party content and could materially influence subsequent actions.