native-web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "Search the internet" (SKILL.md and buildUserPrompt in search.mjs) and the code invokes web search tools (runCodexSearch sets tools: [{ type: "web_search" }] and runAnthropicSearch uses tools: [{ type: "web_search_20250305" }]), so the agent fetches and interprets arbitrary public web content that can materially influence its outputs.