parallel-task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and parses user-supplied markdown plan files ("Plan file: The markdown plan to read" and subagent prompts that instruct "Examine and explore the plan, all relevant files & dependencies"), so arbitrary untrusted user/third-party content would be ingested and interpreted by agents.