proactive-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows explicitly instruct the agent to "search the web" and use external resources for troubleshooting and automation (see assets/AGENTS.md "Do freely: Search the web, check calendars" and SKILL.md's "Relentless Resourcefulness" / heartbeat and recovery sections that direct web/GitHub searches and applying fixes), which means the agent will fetch and read untrusted third‑party content (webpages, emails, GitHub issues) as part of its operation and that content could materially influence tooling/decisions (e.g., fixes, installs, spawned agents), creating an indirect prompt-injection risk despite stated guardrails.