deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (see P2/Subagent Prompt and research_notes_format.md) requires subagents to run web_search and web_fetch on public URLs and include those untrusted third-party sources (including "community" content) in task-{id}.md files that the lead agent reads and uses to drive citations, analysis, and follow-up actions, so external page content can materially influence decisions.