research-external

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs web research tools (perplexity-search) and a scraper (firecrawl_scrape --url "$FOUND_DOC_URL") to fetch and ingest public web/documentation pages and then synthesizes those findings, so it will read untrusted third-party content from arbitrary URLs discovered on the open web.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs firecrawl_scrape at runtime to fetch external documentation URLs (e.g. "https://docs.example.com/api/$TOPIC" and arbitrary runtime "$FOUND_DOC_URL") and injects those results into the research synthesis, so fetched content can directly influence agent prompts/outputs and the skill lists FIRECRAWL_API_KEY/firecrawl as a required dependency.