authoring-developer-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow ingests “handed-in documents” (feature-spec/api-reference/PRD) and also performs “deep-research” via web search; both can include outsider-authored free text (e.g., public web pages or externally authored specs) that the agent then reads and incorporates into the LLM context.