deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs "web-only" deep research when a file store is unavailable (see README "Known Issues" and SKILL.md/AGENTS.md describing research.py's workflows) and writes extracted source URLs to outputs like sources.json and interaction.json, which shows it fetches and ingests untrusted public web content (e.g., reddit/medium links in example reports) that the agent reads and uses to drive its research and follow-up actions.