code-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and SUBAGENT.md "Step 3
• Research Changes" explicitly directs the agent to use WebSearch/WebFetch to retrieve official changelogs, migration guides and "community migration experiences" from the open web, which the agent will read and incorporate into upgrade plans and actions, exposing it to untrusted third‑party content that could carry indirect prompt injection.