adr-author

Warn

Audited by Snyk on Jun 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). In adopt-template mode, the skill ingests a user-supplied ADR template file/directory (outsider-authored free text) and reads it as UTF-8 prose via scripts/normalize_template.py (in_path.read_text(...)), which is then used to generate the Frame/Decide content that the agent will place into the LLM context.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 26, 2026, 03:39 PM
Issues: 1