hotseat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md's "Research first" workflow explicitly requires using live web research tools (e.g., "Web Search", "Exa", "Ref", "Context7", "GitHits") to fetch and read public third-party content, which is untrusted/user-generated and can materially influence the agent's follow-up questions and actions.