deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow and agent delegation explicitly instruct the deep-researcher agent to use EXA web_search / get_code_context tools to gather web content (see SKILL.md "Agent Delegation" and WORKFLOW.md step 3b "Invoke deep-researcher agent" with "web_search_exa"), and the resulting sources/URLs are stored in metadata, so untrusted public web content is fetched and can influence caching, refresh, and promotion actions.