test-json-sql-search-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's plan.json includes a "search-web" step that fetches open web search results (web pages/public sites) into $web_results and then projects, plucks, filters, sorts, and branches on fields like metadata.uri and char_count—clearly ingesting untrusted third-party content that directly influences decisions and actions.