proactive-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md and accompanying references explicitly instruct the agent to perform web searches and check public GitHub issues and other external content (e.g., "web search", "Check GitHub issues", and "external content (emails, websites, PDFs)") so the agent will fetch and read untrusted, user-generated third‑party sources as part of its workflow, which could materially influence actions and enable indirect prompt injection.