feedback-synthesizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md core capability "Multi-source aggregation" and the Analysis Workflow step "Collect sources" explicitly require ingesting public user-generated content such as app store reviews and social media mentions, which the agent reads and synthesizes into recommendations, creating a clear avenue for indirect prompt injection.