External Research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires using web search and URL fetching tools (e.g., search_web and read_url_content) to discover and read public websites and community content — including GitHub issues, tutorials, and arbitrary documentation URLs — meaning the agent will ingest open, third‑party (potentially user‑generated) content as part of its workflow.