kata-add-milestone

Warn

Audited by Snyk on Apr 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Research phase (see references/project-researcher-instructions.md and research_modes/tool_strategy) explicitly uses WebSearch, WebFetch, and Context7 and also interacts with GitHub APIs to ingest public web/docs and user-generated content, and those external findings are required inputs that directly influence research synthesis, roadmap decisions, and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs researcher agents to call Context7 (mcp__context7__query-docs) and to WebFetch official docs (e.g., https://docs.library.com/getting-started) at runtime to pull documentation that is then injected into prompts and used to generate research/syntheses, so those external fetches can directly control agent outputs.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 12:00 PM
Issues: 2