search-layer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated web content (e.g., fetch_thread.py's fetch_web_page, fetch_reddit, fetch_hn, fetch_github_issue and the chain_tracker.py recursive fetch flow referenced in SKILL.md Phase 3/3.5), and that content is then LLM-scored by relevance_gate and used by the agent to decide which links to follow and what actions to take, meaning untrusted third-party pages can materially influence tool use and next steps.