deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly requires use of the agent-browser for "Initial Broad Search" and the subagent "Execution Flow" mandates deep navigation (clicking into public web pages, PDFs, data reports) and ingesting Source URLs, which the agent must read and use to drive task delegation, dynamic task expansion, and final actions—exposing it to untrusted third‑party content that could inject instructions.