deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs subagents to fetch and interpret open/public third-party content (via web_search, web_fetch, mcp__playwright__navigate / snapshot) and to use the tikhub-api-helper to retrieve social media posts/comments (TikTok, Twitter/X, Reddit, etc.), which the agent must read and use to drive research tasks and decisions—exposing it to untrusted, user-generated content that could contain indirect prompt injections.