deep_research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web_search/read_url and browser_* automation (browser_open, browser_snapshot, browser_click) and includes a wechat_article tool and舆情 templates that scrape social platforms (e.g., 小红书, 微博, 知乎, B站), so it fetches and ingests public, user‑generated third‑party content which the agent then reads and interprets as part of its workflow.