autonomous-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's planner explicitly has WebFetch/WebSearch in its tool budget (CLAUDE.md "Tool" mapping) and Phase 1 describes spawning Explore sub-agents for research while SKILL.md/Research Sources lists public URLs, so the agent is expected to fetch and read open web content (blogs/docs) that could contain untrusted, user-generated instructions influencing planning and subsequent actions.