search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's orchestrator and reference files (references/searching.md and references/extraction.md) explicitly require running web_search_exa and web_fetch_exa to retrieve and read arbitrary public web pages/URLs as part of the core workflow, so untrusted third-party (user-generated/public web) content can be ingested and materially influence subsequent tool dispatch and decisions.