deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires using built-in web research tools (WebSearch/WebFetch) to collect and read public URLs and sources (and evals even call for customer review sites like G2/Capterra), so the agent will ingest untrusted third-party web content as part of its required research and synthesis workflow, which could allow indirect prompt injection to influence decisions.