squad-run

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime LLM context is built from task fields fetched via authenticated API calls (e.g., curl GET /api/task/$ID?...&fields=title,description,plan,... and dependency fields from other tasks), and those fields can include outsider-authored free text such as description, plan, decision_log, implementation_notes, and prior *_comments written by other contributors; this text is then injected into agent templates and sent to the LLM in step ⑤.