research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly performs web searches via configured providers (e.g., Tavily/Brave/Serper/Google) and then "Fetch content (text extraction from HTML/PDF)" and ingest those public URLs (examples include wikipedia.org and archives.gov) so the agent reads and acts on untrusted third-party web content during its ingestion workflow.