research-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow explicitly requires Web Search Research (public websites/blogs) and GitHub Repository Research (public repos) and optional MCP server exploration, all of which ingest untrusted, user-generated third‑party content that the agent is expected to read and synthesize, enabling indirect prompt injection.