researchers-tech

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and PROJECT_RESEARCH.md explicitly instruct the agent to fetch and interpret open/public third‑party sources (e.g., mailing list archives like https://lists.debian.org/, web.archive.org, GitHub, groups.google.com, Hacker News) as part of its research workflow and to use those findings to drive outputs and follow-up actions, which meets the criteria for exposure to untrusted user-generated content that could enable indirect prompt injection.