people-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs web_search_advanced_exa (and a browser fallback) to fetch LinkedIn profiles, personal sites, news, and public bios from the open web—untrusted third‑party, user‑generated sources that the agent ingests and interprets—so it exposes the agent to indirect prompt injection risk.