research-and-synthesis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Research Flow explicitly instructs the agent to use mcp_web-search-prime_search and to read articles with mcp_web-reader_read / mcp_zread_read (public web URLs), so the agent ingests untrusted third‑party web content that can materially influence its synthesized recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime web-reader calls (e.g., mcp_web-reader_read(url="https://discovered-url.com/article") and mcp_zread_read(url="https://docs-page.com")) that fetch external content which is injected into the agent's context and can directly control prompts.