updating-knowledge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Research Workflow and Tool Usage Notes explicitly require WebSearch and mcp_web_fetch (which "can fetch ANY URL directly") and list community discussions and public documentation as source priorities, so the agent will fetch and interpret untrusted public web content that can influence its conclusions and follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates using mcp_web_fetch/web_search to fetch arbitrary external URLs at runtime (e.g., any URL fetched via mcp_web_fetch such as https://example.com/raw_prompt.md), and those fetched pages are explicitly ingested to drive the agent's synthesis and outputs, meaning remote content can directly influence/define prompts and behavior.