cc10x-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly creates web and GitHub research tasks (see "Research tasks" and "10. Research Orchestration") that use Bright Data / websearch / webfetch / Octocode to fetch public web and GitHub content, and those resulting "Research Files" are consumed by planner/investigator and recorded in results.research—so untrusted third‑party content is read and can materially influence workflow decisions.