parallel-dev-cycle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly loads a prep-package at {projectRoot}/.workflow/.cycle/prep-package.json (phases/01-session-init.md) whose source_refs can include URLs, and spawnRAAgent (phases/02-agent-execution.md) instructs the agent to "Reference URL: ... (fetch if accessible)" and to "Use these documents as the primary source of truth", meaning arbitrary external web content may be fetched and directly influence requirements, agent focus directives, and subsequent actions.