outline-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2 "Research bổ sung" explicitly runs WebSearch queries and extracts findings into research-notes.md (with [R] items including "Source: url") and those research notes are then read in Step 3 and folded into the Content Analysis Map and thesis/outline generation (see SKILL.md Step 2 and references/content-map-rules.md), so arbitrary public web content can be ingested and materially influence the agent's decisions.