corpus-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's templates and workflow (SKILL.md and task-templates.md) explicitly instruct the agent to perform web searches and ingest public sources (e.g., "Search strategy" and "Domains to check" such as nationalarchives.gov.uk, JSTOR, Google Scholar, archives.fr, and the expected DB change CREATE source ... url = "[URL]"), so the agent will fetch and interpret untrusted third‑party content that can drive follow-up actions.