deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's run.py and SKILL.md show it performs multi-source web searches via tavily_search and fetches arbitrary public URLs (via _fetch_page using urllib.request.urlopen and the fetch_urls parameter), ingesting untrusted third-party webpage content that the LLM is explicitly instructed to synthesize—allowing indirect prompt injection from those pages.