autoresearch-hooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes an example hook (examples/before/external-search.sh) that explicitly fetches external search results via arbitrary search tools or curl/web-search wrappers and writes them into the session workspace (and hooks can emit steer messages), meaning untrusted, user-generated public web content can be ingested and influence the agent's subsequent decisions.