deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 3 RETRIEVE and related sections in SKILL.md explicitly launch WebSearch/mcp__Exa__exa_search and WebFetch calls to collect and "extract key passages" from public websites, academic papers, and industry reports (e.g., the "Parallel Execution Protocol" and WebSearch examples), meaning the agent ingests and interprets untrusted third‑party content from the open web and so is exposed to indirect prompt injection risk.