research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires fetching from public channels (e.g., WebSearch, WebFetch, Firecrawl, SearXNG, GitHub MCP) as shown in the topic_classification and workflow Phase 2/validation sections, and those third-party sources are ingested and used to form claims, conclusions, and follow-up actions, creating a clear vector for indirect prompt injection.