debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's debug server (scripts/debug_server.js) accepts arbitrary POSTs to /log and writes them to project .debug/debug-*.log files which the workflow explicitly instructs the agent to read (Phase 5 / "cat ...debug-$SESSION_ID.log"), so untrusted or user-generated runtime content from web pages or users can be ingested and interpreted by the agent.