researching-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Reference Following" and examples (e.g., reviewing Perplexity's cited URLs and calling WebFetch(url="")) explicitly fetch and ingest arbitrary public/cited web pages that the agent will read and synthesize, exposing it to untrusted third-party content and potential indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls WebFetch at runtime (e.g., WebFetch(url="", prompt="Extract key details about ") and WebFetch(url="", ...)), meaning arbitrary external pages are fetched and their content is injected into the agent context to control prompts/synthesis.