ops-go

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs the agent to scan and ingest user-generated content from third-party sources (e.g., "For Slack counts: ... use mcp__claude_ai_Slack__slack_search_public_and_private" to scan public channels, plus unread messages from WhatsApp/Email/Notion and WebFetch fallbacks) and then uses that content to drive priorities and automated tool actions, so untrusted third-party text could influence behavior.