docs-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly performs WebSearch and WebFetch (agents/docs-researcher.md Step 2) to fetch and extract documentation from the open web and then saves that content into .claude/skills/project-knowledge-base/references/, so untrusted public web content could be ingested and indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The docs-researcher agent uses a runtime WebFetch call (WebFetch(url="...", prompt="Extract {topic} information")) to fetch arbitrary external pages and inject extracted content into the agent's knowledge base/context, which means remote content can directly control prompts and saved guidance, so this is flagged.