paw-cra-agent-designer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's research capability (references/research-capability.md) explicitly instructs the agent to perform web searches and ingest content from public third-party sources (platform docs, blogs, industry reports, emerging platforms like Bluesky/Threads) and then extract and apply those findings to its workflows, meaning untrusted external content can be read and materially influence actions.