swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly enables workers to perform live web searches and fetch public webpages—see SKILL.md/README "Web Search" (Google Search grounding) and lib/daemon.buildResearchPhases for research, plus bench.js's fetchAndAnalyze which fetches arbitrary URLs—and those fetched, untrusted pages are ingested and analyzed as part of the research/parallel workflows, so third‑party content can influence task execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). High-confidence: bench.js performs runtime fetches of external webpages (e.g., https://benefits.va.gov/transition) and injects the retrieved HTML/text directly into the LLM prompt for analysis, so external content can directly influence model instructions and outputs.