ai-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly call external retrieval tools (e.g., the SKILL.md agent_loop uses tools [search_tool, read_page_tool] and references/examples.md defines ResearchAgent with WebSearch/FetchDocument/ExtractContent), meaning the agent ingests open web/public documents and uses those results to drive planning and tool decisions — creating a clear avenue for indirect prompt injection.