writer-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow's Step 1 (Input Handling) explicitly accepts URLs and YouTube links and runs wa-convert {url} to produce writer-agent/.../input-handling/content.md, and later required steps/subagent prompts (e.g., article-writer and context-extractor templates) instruct subagents to read those source line ranges and use that content to drive planning, writing, and spawning decisions—so the agent ingests arbitrary public web/user-generated content that can materially influence actions.