search-first

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the researcher agent to search public third-party sources (npm, PyPI, GitHub, the web) and to evaluate those results to decide actions like "Adopt/Extend/Install", so untrusted web content is fetched and directly influences tool use and decisions.