deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md activation and "Collect sources" steps require fetching and ingesting external links and public web sources (official docs, blogs, changelogs and even Reddit/Discord per references/source-quality.md), which the agent must read and synthesize into recommendations, exposing it to untrusted third-party content that could carry indirect prompt injection.