exa-people-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs calling exa-search.web_search_advanced_exa to fetch LinkedIn profiles, public bios, news, and other web pages (and even to use a browser fallback for auth-gated content), so the agent ingests and acts on untrusted third-party web content that could contain injected instructions.