compound-learning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses web_search and external research tools in the PLAN phase (see "Domain Researcher" tools: web_search and the plan_phase / plan_with_parallel_tools examples) so the agent fetches and ingests content from the open web (untrusted, user-generated sources) as part of its workflow, enabling indirect prompt injection risk.