structured-thinking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's investigation and evidence protocols (e.g., references/session-discipline.md "Investigation escalation ladder" which ends with "Specific factual question → web search directly", and references/extraction-protocol.md / artifact-discipline.md sections that require adding "External Sources Title" to evidence files) explicitly instruct the agent to fetch and ingest open web/third‑party URLs and use those findings to drive decisions, so it clearly consumes untrusted third‑party content that can influence actions.