mise-en-place

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow's "Research (Web)" step explicitly instructs the agent to run targeted web research and "capture sources in prd.json," meaning the agent will fetch and read open/public third‑party web content as part of its workflow.