research-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs web-research and scraping tools (Perplexity for web research and Firecrawl via scripts/firecrawl_scrape.py with arbitrary URLs, plus Nia for public library docs), so the agent fetches and ingests content from open/public third-party sites (including user-provided URLs) that it will read and interpret.