product-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The competitive-analysis and idea-generator skills explicitly list and allow WebSearch/WebFetch and instruct the agent to fetch App Store pages, competitor websites, and user reviews (e.g., competitive-analysis SKILL.md and WORKFLOW.md Phase 2), which are untrusted public third‑party sources the agent is expected to read and use to drive product decisions.