2026-legal-research-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to crawl and ingest public third-party websites (e.g., courts.{state}.gov, legislature.{state}.gov, public.law, legal aid sites and news/advocacy pages) via Firecrawl and then validates and processes that scraped JSON (see URL lists, Firecrawl configuration and scripts/validate-scraped-data.ts), so it clearly consumes untrusted open-web content that could carry indirect prompt injections.