design-task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Task Tools" section and examples (e.g., Task(..., tools=[SerperDevTool(), ScrapeWebsiteTool()]) and the example "Search for and scrape the top 5 articles about {topic}") explicitly instruct agents to fetch/scrape public web content and pass those results into downstream tasks/context, exposing the agent to untrusted user-generated web content that could carry indirect prompt injections.