context-mode

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Decision Tree and workflows explicitly instruct the agent to fetch and index external web content (e.g., "Fetch web docs" → ctx_fetch_and_index, raw GitHub URLs, Playwright/browser_snapshot and agent-browser examples) so the agent will read and act on public/untrusted third‑party pages and API responses.