eval-driven-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (see Step 2c "Capture and verify a reference trace" and Step 4 / section 4b' "Capture external content for eval_input (mandatory)" in references/4-build-dataset.md) explicitly instructs the agent to fetch and embed real-world third-party content (web pages, documents, API data) as eval_input that the app and LLM will read and act on, so untrusted user-generated content can indirectly inject instructions and influence tool calls and decisions.