deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required Phase 2 workflow explicitly runs web searches and calls scrape-webpage to fetch and save raw content from public URLs (see "web-search(...)" and "scrape-webpage(...)" in Phase 2: Search-Read-Extract Loop and the OpenAlex/web-source examples), then reads and interprets those untrusted third-party pages to drive follow-up queries, extractions, and report decisions—thus exposing the agent to untrusted web content that could carry indirect prompt injection.