deep-research-main
Warn
Audited by Snyk on Mar 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow (Phase 3: "Iterative Querying" in SKILL.md and the referenced tool_strategy.md) explicitly directs agents to use WebSearch/WebFetch, MCP tools, and curl/Playwright/RSS/Wayback to fetch and scrape public web pages and blogs (untrusted, user-generated sources), then read and triangulate those sources to drive queries, verifications, and report generation. Third-party content is therefore ingested and can materially change the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's runtime explicitly fetches and extracts remote web content to feed agents (e.g., the curl/WebFetch example for mobile Naver blogs, "https://m.blog.naver.com/PostView.naver?blogId={ID}&logNo={NO}"). That content is injected into model context as source material and is a required part of the Phase 3 querying/fallback pipeline, so external content can directly control prompts.