cdt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Researcher subagent (references/researcher-prompt.md and plan workflow Step 5a in references/plan-workflow.md) explicitly uses WebSearch/WebFetch/Context7 to fetch external web docs and injects the resulting untrusted $RESEARCH_CONTEXT into the architect and PM prompts for use in design and validation, which the agents read and act on—creating a clear vector for indirect prompt injection.