runner-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Research Updates" workflow explicitly requires using web_search (see the "Research Sources" queries such as site:github.com and runner docs) to fetch and read public web pages and repositories, which the agent is expected to interpret and act on (e.g., update the runner registry or create specs), so untrusted third‑party content could change its behavior.