faas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Input detection explicitly states it will fetch arbitrary URLs ("URL — fetch the page (GitHub issue, Linear ticket, Notion doc)") and the Phase 1 workflow requires parsing and acting on that untrusted, user-generated content as part of decision-making, exposing the agent to indirect prompt injection.