swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables live Google web search and URL fetching as part of its required research/parallel workflows (see SKILL.md and README's "Web Search" and /research endpoints) and the code (e.g., bench.js fetchAndAnalyze which fetches public webpages) shows it ingests arbitrary public site content for analysis, so untrusted third‑party content is read and can influence downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The benchmark and fetch pipeline run at runtime fetch external webpages (e.g., https://benefits.va.gov/transition in bench.js) and concatenate the fetched HTML into the LLM prompt that is sent to the model, so remote content is loaded during execution and directly controls model input.