researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required STEP 3 and "External-retrieval tool boundary" explicitly direct the agent to run WebSearch/WebFetch and PubMed/Consensus tools against public sites (e.g., pubmed.ncbi.nlm.nih.gov, pmc.ncbi.nlm.nih.gov, who.int, unfpa.org), ingesting untrusted third‑party web content that the agent must read and which materially shapes the Evidence Brief, recommendations, and downstream tool actions.