debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs using browser automation (/browser) to navigate web pages and capture console/network data (references/tool-patterns.md §9 and the Escalate-investigate tiers) and directs the agent to check/clone public OSS repos and GitHub issues/PRs (composability / references/tool-patterns.md §1), which requires fetching and interpreting untrusted public, user-generated web content that can influence diagnostic decisions.