deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill runs web searches by default (DEFAULT_TOOLS = [{"type": "web_search"}] in assets/deep_research.py and the orchestration in scripts/run_deep_research.py), extracts and lists URLs, and incorporates those public web sources into the research report, so it clearly fetches and ingests untrusted third‑party web content for the agent to read and interpret.