search-layer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, untrusted third-party content (e.g., Brave web_search in SKILL.md Phase 3, search.py's --extract-refs and dynamic calls to scripts/fetch_thread.py which implements fetch_web_page, fetch_reddit, fetch_hn, and fetch_github_issue) and then has the agent and LLM components (relevance_gate, chain_tracker) read and score that content to decide follow-up fetches and actions, which could allow indirect prompt injection from those sources.