deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly runs web searches and browses public sources (e.g., "paper-search google web", "paper-search semanticscholar", and "paper-search browse ") and instructs the agent to read and act on those pages/papers, so untrusted open-web content can materially influence decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes runtime fetches like "paper-search browse ", which retrieves arbitrary external web content and injects it into the agent's context to drive its outputs (i.e., can directly control prompts), and the workflow depends on these fetched sources.