gpt-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web searches and scrapes public pages via retrievers (gpt_researcher/retrievers e.g., GoogleSearch, Tavily, Bing, Serper) and ResearchConductor._scrape_data_by_urls, accepts arbitrary source_urls/query_domains and custom retrievers/MCP remote servers, and then feeds that untrusted web/user-generated content into the LLM-driven research/report pipeline, exposing the agent to indirect prompt injection.