web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and extract content from public web providers and arbitrary URLs (see the "websearch extract" command and "search ... --content" plus provider list: tavily, exa, brave, serpapi, etc.), so the agent will read untrusted third‑party webpages/user‑generated content that can influence its answers and actions.