research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and scrapes public, user-generated sites (e.g., Reddit, TripAdvisor, FlyerTalk) via WebSearch/WebFetch and the browser-control scraper and requires the agent to read and synthesize those forum/review threads as part of its research workflow, exposing it to untrusted third-party content that could enable indirect prompt injection.