code-design-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly tells agents to "Lookup best practices for the protocol (use WebSearch/WebFetch)" in SKILL.md and spawns a code-researcher subagent to "Lookup best practices", which indicates the agent will fetch and interpret content from public third-party web sources that can influence design decisions.