research-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's workflow (SKILL.md Phase 2 "Targeted Web Search" and Phase 3 "Deep Fetch Top Sources", plus the Source Hierarchy and HARD GATE requiring multiple external URLs) explicitly requires fetching and ingesting public web results (e.g., Stack Overflow, blogs, official docs) that the agent must read and use to form recommendations, exposing it to untrusted third‑party content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Phase 3 explicitly requires fetching the top 2–3 web results at runtime and extracting/injecting those external sources into the research output (e.g., external docs such as https://packaging.python.org/), so runtime-fetched URLs will directly control the agent's prompts/instructions and are required for the skill to produce valid output.