research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to use web_search and web_fetch to retrieve and read content from open/public websites/URLs, which are untrusted third‑party sources and could contain user-generated content that enables indirect prompt injection.