analyze-value

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs WebFetch/WebSearch and Read of external paper pages and PDFs (Phase 0: "WebFetch https://arxiv.org/html/{id}", "WebSearch", "Read {pdf_path}") and Phase 1 agents require WebSearch/WebFetch of L1–L4 sources (including technical blogs and academic community discussion), meaning the agent ingests untrusted public web content that can influence its decision-making and actions.