researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires fetching and reading primary documents from open public third-party sources (via /document-hunter and WebFetch) and lists sites like DocumentCloud, CourtListener/RECAP, Scribd, Justia and news archives in free-sources.md, and those untrusted/user-provided documents are parsed and used to drive verification, evidence chains, and follow-up actions.