deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables web search for the Deep Research model (DEFAULT_TOOLS = [{"type": "web_search"}] in assets/deep_research.py and "Web search enabled by default" in SKILL.md/references/workflow.md), extracts and presents URLs from those searches, and uses that third-party web content as part of its research output—so untrusted public webpages can influence the agent's decisions and reports.