cook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Research phase (SKILL.md and references/subagent-patterns.md) mandates spawning "researcher" agents, calls out /scout:ext and producing "reports ≤150 lines with citations", and those reports are consumed by the planner/implementation pipeline (including --auto mode that skips review gates), which shows it fetches and acts on external/public-sourced, potentially untrusted content that can influence subsequent actions.