deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required methodology (SKILL.md and methodology.md) explicitly instructs the agent to search and ingest open web content—naming general search engines, Wikipedia, forum mining (Reddit, Hacker News, Stack Exchange) and social search (Twitter/X)—and to read, track, and act on those sources as part of its workflow, which clearly exposes it to untrusted third-party content that could enable indirect prompt injection.