product-sense

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md's "Research-First Workflow" explicitly requires the agent to perform web searches and cite linked sources (e.g., "Use web search... Do 5-10 searches" and "Cite sources — Include linked source inline"), which forces fetching and ingesting open/public third-party content that will be read and used to drive the agent's output and decisions.