proactive-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow repeatedly instructs the agent to fetch and use open web content (e.g., "Use every tool: CLI, browser, web search", "Web search for solutions", "Check GitHub issues", and the "Skill Installation Policy" that installs skills from external sources) — which means the agent will ingest untrusted, user-generated third‑party content as part of its normal self‑healing and research workflows and that content could materially influence tool use or decisions.