skill-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform Web Search and "Execute Search" (Operation 1) and to inspect public GitHub repositories and community MCP server directories (Operations 2 & 3), meaning it fetches and ingests untrusted, user-generated content from the open web and public repos as part of its workflow.