planning-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core iteration prompt (PROMPT in planning-loop.sh) explicitly instructs the agent in the RESEARCH phase to "Use web search to investigate" competitors and "Cite findings", and Phase 5 / planning-loop.sh mention WebSearch/WebFetch and the Agent tool (with --dangerously-skip-permissions), so the agent will fetch and act on untrusted public web content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). It explicitly instructs running subagents with the --dangerously-skip-permissions flag (and embeds that flag in the generated script), which bypasses agent/tool permission controls and enables actions that circumvent security—while it doesn't ask for sudo or to edit system files, this permission bypass is a clear compromise risk.