deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's README and code indicate the Deep Research agent ("deep-research-pro-preview-12-2025") will autonomously search and ingest content from the open web as part of its workflow ("Execution: It autonomously searches the web and reads your provided files" and via client.interactions.create with the deep-research agent), which exposes the agent to untrusted, public third-party content.