deep-research
Warn
Audited by Snyk on Apr 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's required workflow (SKILL.md; see "快速扫描" (Quick Scan) 1.5 and "多跳信息搜集" (Multi-hop Information Gathering) 2.1–2.3) explicitly instructs the agent to use WebSearch/WebFetch and Playwright to fetch and read public third-party pages (examples: Reddit, Hacker News, arXiv, news sites, raw GitHub URLs). The agent then uses that untrusted, user-generated public content to validate hypotheses and drive conclusions and recommendations, so those pages could materially influence the agent's decisions.
Issues (1)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata