web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly automates browsing public search engines (e.g., the SKILL.md engine table and Execution flow step 4 "Extract text with browser tools") and scripts/browser_search.py builds and navigates URLs to live, open web sources (Google, Bing, Perplexity, 百度, etc.), so the agent ingests untrusted third‑party web content which it reads and uses to decide fallback and next actions.