research-online

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow and agent prompt templates explicitly instruct spawning agents that use WebSearch/WebFetch against public sites (e.g., site:github.com, site:reddit.com, site:stackoverflow.com, blogs) and to read/interpret those results to synthesize recommendations, so the agent ingests untrusted third‑party/user‑generated content that can materially influence decisions.