ann

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses WebSearch/WebFetch (see "Tool mapping: web search / fetch | WebSearch, WebFetch") and describes capturing "in-session WebSearch" results into deliverables (PHASE 4.5), meaning the agent fetches and reads public third‑party web content that can materially influence plans and tool actions.