research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The execution agent is explicitly instructed in Phase 2 to "Use WebSearch" and "Use WebFetch to read documentation" (Execution Agent prompt), which means the agent will fetch and read open/public third-party web content that may be user-generated and thus could carry indirect prompt injection.