headless-adapters

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's headless adapter explicitly runs third-party CLI agents (see SKILL.md "headless" command and schemas like schemas/claude-headless.json) and ingests their newline-delimited JSON streaming output (Schema Creation Guide / outputEvents mappings) which the adapter parses into message and tool_call events that directly drive subsequent actions, allowing untrusted CLI-generated content to influence behavior.