dag-hallucination-detector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's extractCitations/verifySingleCitation flow (see extractCitations's urlPattern and verifyUrl) explicitly extracts URLs from content and will fetch those external URLs when context.allowNetworkVerification, so it ingests arbitrary public web pages for verification.