plan-interview

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Knowledge Audit explicitly directs the agent to "If the user provides a reference (docs URL, API spec, example), load it before planning that step," which requires fetching and interpreting arbitrary user-provided/public URLs and thus exposes the agent to untrusted third-party content that can influence planning decisions.