web-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's research loop explicitly instructs the agent to search and ingest public web content (see "Phase 2: Research Loop" and "2.1 Search Strategically" which lists GitHub, GitHub issues/discussions, Stack Overflow, technical blogs, and general articles) and to record and interpret findings including URLs, so it clearly consumes untrusted, user-generated third‑party content as part of its workflow.