web-research-subagent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs a subagent to "Search the web" and return findings with source URLs (see references/subagent_prompt_template.md and SKILL.md), so it ingests open/public third-party web content (arbitrary URLs) that can influence decisions and thus could enable indirect prompt injection.