agentflow-managed-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's managed-workflows explicitly include web-sourced contexts (e.g., "context_policy.web" in references/workflows.md for deep_research and "context_policy.allow_web_fallback" in spec_design), which indicates the agent will ingest open/public web content as part of its workflow and thus could be influenced by untrusted third-party content.