skill-research-process

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs research agents to fetch and read public web pages, documentation URLs, GitHub repos/issues, and web search results (see SKILL.md Stage 2 and references/agent-prompts.md and references/mcp-tools.md which list WebFetch, mcp__Ref__ref_read_url, mcp__exa__web_search_exa, WebSearch, and GitHub CLI), so untrusted third-party content is ingested and used to drive agent outputs and actions.