pm-research-about
Warn
Audited by Snyk on Feb 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly performs WebFetch/WebSearch of arbitrary URLs from the open web (see "W1 Workload: 8 searches + 3 WebFetch" in Phase 2 and "For URLs: WebFetch: 'Extract... Full markdown content'" under Add to Index). It then ingests that fetched public/web content and uses it to drive agent planning, wave decisions, and document generation, which meets the conditions for exposure to untrusted third-party content that could enable indirect prompt injection.
Audit Metadata