field-dev-code-recon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Phase 1 workflow explicitly instructs the agent to use browser_navigate and browser_snapshot to load and capture content from external source URLs (e.g., LinkedIn posts, articles, documentation), which are untrusted third-party/user-generated sources that the agent must read and use to drive mapping, issue creation, and other actions.