plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 2 "Research phase" (SKILL.md) and the Spec/Task templates (references/spec-template.md and references/task-design-guide.md) explicitly instruct researcher agents to use tools like exa_web_search_exa and a web scraper to fetch and synthesize public web/docs content, which is untrusted third-party material that the agent reads and uses to drive technical decisions and ADRs.