deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md's Search Strategy and Extraction steps explicitly require fetching/scraping public third-party sites (e.g., "site:arxiv.org", "site:github.com") and instruct the agent to extract and interpret claims from those sources to drive fact-checking and outputs, which could let untrusted page content influence tool use and decisions.