team-ideation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests arbitrary URLs ("All URLs
• fetch each URL using WebFetch" in Step 1) and the Explorer role is instructed to use WebSearch/WebFetch (and broadcast findings) which the thinkers and Writer must read and incorporate, so untrusted public web content can directly influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill explicitly fetches arbitrary user-provided URLs at runtime via WebFetch (saving that remote content into session/sources and therefore into agent context) and also includes an explicit runtime CDN import for Mermaid ("https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.esm.min.mjs"), so external content can directly influence prompts or execute remote code.