deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly describes Step 3 calling a web_search tool to collect open-web URLs and using Crawl4AI/Playwright to fetch full public webpage content (article.url and article.markdown are concatenated into the LLM context), so untrusted third-party web content is directly ingested and used to drive analysis and outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill at runtime fetches arbitrary external web pages (the URLs returned in all_urls / unique_urls from the web_search tool and then retrieved via Crawl4AI) and injects their content directly into the LLM context, so those externally fetched URLs (the web_search/unique_urls results) can control prompts and are a required dependency.