agent-teams

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Async Handoff" workflow (reference/workflows-detailed.md, Workflows §5) explicitly instructs creating GitHub PRs and tagging the @claude bot so the agent/bot reads PR comments and acts on them, which exposes the agent to untrusted, user-generated content from a public third-party source (GitHub) that can influence subsequent actions.