harnass-engineer-start

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's emitted runbooks and contracts (e.g., harnass-os/Deploy.md and documents/shared/contracts/cloudflare-deployment-policy.yaml) explicitly require fetching and validating live preview/production URLs (curl and browser validation) and the audit schema requires capturing/browsering target_url and screenshots, meaning the agent is expected to read and act on untrusted public web content (preview/production sites) as part of its workflow which can influence deployment and release decisions.