model-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform web searches and ingest public provider pages (see "Step 2: Research the Model" and the research_queries table with websearch("${MODEL_NAME}...") pointing to sites like openai.com, openrouter.ai, together.ai, huggingface, etc.), which exposes it to untrusted third‑party web content that could contain indirect prompt injections.