ce-work-beta

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The workflow's Phase 1 (Quick Start) explicitly requires the agent to "Review any references or links provided in the plan" and to "use those as the primary source material for execution," which means the agent will ingest and act on arbitrary external links/third-party content referenced in plans, enabling indirect prompt injection from untrusted web sources.