devtu-self-evolve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly runs researcher persona agents that use ToolUniverse MCP tools to query public third‑party APIs and websites (see SKILL.md Phase 1 "Discover" invoking web/API discovery and Phase 3 "Testing Phase" plus references/persona-template.md which lists calls to CIViC, GWAS, ClinVar, GTEx, etc.), so the agent ingests untrusted external web content whose outputs can drive fixes and subsequent tool actions.