review-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly spawns a "Research" agent that uses the research-online skill (references/agent-prompts.md and SKILL.md Step 3), which fetches and ingests public web content and uses those findings to influence the synthesized recommendations and next actions, exposing the agent to untrusted third-party content that could carry indirect prompt injection.