deep-reading-analyst

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts user-provided URLs/long-form content and performs web_search/cross-source comparison (see "Triggered ... when users provide URLs/long-form content" and "Level 4 (Research) ... Use web_search") so the agent will fetch and read arbitrary public third-party webpages, enabling indirect prompt injection.