respond-first

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly delegates "search, research, intel gathering" tasks to the persistent sub-agent "echo" and gives an example ("Search for XX and compile a report") that requires fetching and ingesting public web content via sessions_spawn, so untrusted third-party content can be read and influence downstream actions.