research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to perform WebSearch/WebFetch and read public sites (e.g., Wave 1 Template: "Use WebSearch", Quick Research Mode: "WebFetch on key URLs", Wave 2: "Read the full README and API docs", and "Cite sources with URLs"), so it ingests untrusted, user/public web content and uses that content to drive decisions and next actions.