spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs dispatching /research and /explore subagents to pull and analyze external prior art, OSS source, docs, blog posts, GitHub/StackOverflow issues and other web content (see SKILL.md sections like "Research playbook" → "Third-party dependency investigation" and the subagent dispatch rules that say "search source code, documentation, and web"), meaning the agent will ingest untrusted public third‑party content and use it to drive decisions.