deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs subagents in Phase 3 ("Parallel Multi-Agent Exploration" and the "Subagent Return Format" / "Source Evaluation" sections) to fetch, extract, and return content with source URLs from external websites (public domains, blogs, papers), so untrusted third-party web content is ingested and used to drive follow-up searches and synthesis that can change the agent's actions.