research-gather

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and ingesting external, public content—e.g., "External references: Docs, articles, tools mentioned | Web search, bookmarks" and GitHub history/PRs/issues via the GitHub API—so the agent will read untrusted, user-generated web content as part of its workflow.