runbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the loop/subagents to "consult the authority" which may be a URL and to "look it up online" (see references/seeding-guide.md "Authority ... A URL works" and references/loop-prompt.md fallback "Look it up online" and the Discovery step "Consult the authority referenced there"), so the agent will fetch and act on arbitrary third‑party web content that can influence task selection and actions.