research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated web content (e.g., via WebFetch/WebSearch, Perplexity/Gemini APIs, and yt-dlp) as described in SKILL.md and workflows like workflows/extract-knowledge.md, workflows/web-scraping.md and workflows/youtube-extraction.md, and then analyzes/synthesizes that content to drive follow-up actions, so untrusted third‑party pages can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The perplexity-research.ts code performs runtime POST requests to https://api.perplexity.ai/chat/completions and parses the returned content to generate sub-queries that directly drive subsequent agent prompts (and the script exits if PERPLEXITY_API_KEY is missing), so this external endpoint is a required runtime dependency that directly controls agent instructions.