autodev-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The runbook for "deepen-plan" (Runbook: Deepen a Plan → Step 2: parallel-research) instructs launching subagents to perform "deep research (codebase + docs + web if needed)", which clearly allows fetching and ingesting open/public web content that can influence subsequent plan synthesis and actions.