deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflow explicitly launches Codex web-research agents instructed to "search the web" and capture URLs, titles, excerpts and confidence into output/{node_id}/output.md (see Phase 3a "Search Strategy" / "What to Capture" and the tmux launch commands in Phase 3b), and the orchestrator then reads and synthesizes those third-party web sources—so untrusted public webpages/user-generated content can directly influence subsequent synthesis and agent spawning.