grace-setup-subagents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 2 workflow explicitly instructs the agent to "look for official shell documentation" and to "ask the user for a canonical sample or doc link" when no local example exists, meaning it may fetch or ingest arbitrary external documentation/URLs and then read and infer file formats and metadata (which can materially change generated agent files), exposing it to untrusted third‑party content that could contain injected instructions.