deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to search the open web and fetch full content from arbitrary URLs (see "Step 3: Execute Multi-Source Search" with firecrawl_search/web_search_exa and "Step 4: Deep-Read Key Sources" with firecrawl_scrape and crawling_exa), so it ingests untrusted third-party web content that can materially influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses runtime fetches like firecrawl_scrape(url: "") and crawling_exa(url: "") to load arbitrary external web content into the agent's context, so fetched URLs directly control the agent's prompts/synthesis and are a required dependency.