oma-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's execution protocol (resources/execution-protocol.md and the web route/error-playbook) explicitly performs native web searches and an "oma search fetch" pipeline that scrapes and ingests public third‑party sites (e.g., Reddit, StackOverflow, dev.to, social feeds and arbitrary URLs) and uses those snippets and trust labels to sort/filter results and drive fallbacks, so untrusted user-generated content is read and can materially influence agent behavior.