web-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly uses a WebSearch tool to fetch and ingest content from arbitrary public web pages (see the WebSearch step and stored "urls" / source: "web_search" entries such as docs.github.com) which the agent then reads, synthesizes, and stores—exposing it to untrusted third‑party content that could carry indirect prompt injection.