project-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to perform WebSearch and external research (e.g., "Use WebSearch to research domain best practices" in Phase 1 and "Research First: WebSearch for '[technology] best practices [current year]'" in Phase 3, and the Architect agent lists WebSearch/Read as tools), so the agent will fetch and interpret open web/third‑party content (including external links like the Anthropic URL) which is untrusted/user-generated.