research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly mandates fetching and ingesting open/public third‑party content (see "Report Framing Default: External / Third‑Party Sources" and Step 3 "Conduct research and capture evidence" plus nested‑fanout Phase 2 prompts), naming sources like web pages, GitHub, blogs, npm, and URLs — and that external content is read and synthesized to drive routing, evidence files, follow-ups, and nested agent actions, so untrusted third‑party content can materially influence behavior.