ce-work-beta

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to "Review any references or links provided in the plan" (Phase 1 Step 1) and to probe and interact with external trackers/APIs (references/tracker-defer.md uses gh/Linear/Jira probes) and can enable Codex delegation with networked "yolo" mode—all of which cause the agent to fetch and interpret untrusted, user-generated third‑party content that can change delegation, ticketing, or execution decisions.