prd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Research phases (Standard and Deep) explicitly call external search/fetch tools (ToolSearch with "+web-search" and "+web-fetch", fetch_url(url="...")) and spawn web-search-agent subagents that read public web pages (writing results to /tmp/prd-research-*.md), and those findings are synthesized into the PRD and used to drive subsequent decisions, meaning untrusted third-party content can influence agent behavior.