skill-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required Stage 5 delegation instructs the subagent to "Search web for documentation and examples" (public web sources) and the postflight stages (Stage 6/8) read the subagent-written .return-meta.json and artifact_summary/artifact_path to update state and link artifacts, so untrusted third-party web content can influence decisions and subsequent actions.