deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's Phase 3 "RETRIEVE" explicitly launches WebSearch/mcp__Exa__exa_search/WebFetch queries and spawns Task agents to fetch and analyze content from public websites (e.g., arxiv.org, news, industry reports), which the agent is expected to read and synthesize—therefore it ingests untrusted third‑party content that could enable indirect prompt injection.