support-with-evidence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 "Deep Research (Silent)" explicitly requires the agent to "conduct deep research using web search tools," "read actual results," and cite named studies or URLs (see the "Research procedure per claim" and "ENFORCEMENT" / evidence bullets requirements), which means it will fetch and interpret open/public third-party web content that could contain untrusted, user-generated instructions.