research-synthesis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and ingest open web content (e.g., "WebFetch" for specific URLs and using "WebSearch", "Parallel Search", and "Perplexity" in the examples and decision tree) so untrusted, user-provided webpages and search results are read and synthesized into actions (braindump updates and recommendations), which could allow indirect prompt injection.