auto-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires agents to perform WebSearch/WebFetch and to read public, user-generated sources (e.g., "WebFetch", GitHub READMEs/issues, Twitter/X threads, Discord/forum discussions" in the Phase 2 Research Methodology and the "Emerging tech" thread), and the agent must interpret those sources to drive research outputs and recommendations, so untrusted third‑party content can materially influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs agents at runtime to WebSearch/WebFetch GitHub repos and read READMEs/issues (e.g., https://github.com / raw.githubusercontent.com), meaning fetched external content is injected into the agent context and can directly control prompts/outputs.