draft-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 3 explicitly instructs the agent to "query documentation MCP tools (or WebSearch as a fallback)" to look up library docs, which means it will fetch and interpret open-web/public documentation or sites (potentially user-generated/untrusted) as part of its decision-making workflow.