heterogeneous-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs capturing and ingesting raw traces from external provider CLIs (e.g., the "Capture Raw CLI Traces First" sections for claude and codex and use of window.__HETERO_AGENT_TRACE) so the agent reads untrusted third‑party model output that can drive tool calls, step boundaries, and persistence.