plan-design-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Design Outside Voices" workflow explicitly launches a codex exec with --enable web_search_cached (see the "If Codex is available" codex exec snippet in SKILL.md) and also offers opening external URLs (e.g., the LAKE_INTRO "open https://garryslist.org/..."), so the agent can fetch and ingest public web content that is then used to influence review findings and decisions.