plan-cro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs "If the user provides a URL, use web_fetch tool to fetch the content of the URL and analyze the current issues," meaning the agent will ingest and act on arbitrary third‑party web content (user-provided/open web) which could enable indirect prompt injection.