red-team-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's architect-reviewer persona explicitly lists WebFetch and WebSearch tools (architect-review.md) and the SKILL.md dispatch step sends bundles to "browser-based agents," indicating the agent will fetch and interpret arbitrary public web content as part of the review workflow, which can influence decisions and actions.