write-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly requires calling /search-lit to fetch background references (public literature/DOIs) for Section 1 and to verify citations, and it embeds cross-skill outputs (e.g., sample-size text from calc-sample-size) into the protocol—meaning it ingests open third‑party content that the agent must read and that can materially influence decisions (study rationale, effect sizes, sample size and analysis plan).