content-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly web-searches and ingests public URLs as part of its core flow—see references/search-and-filter.md ("Web-search each query") and references/guide-reader.md ("You receive a URL to read" and append it to References")—so arbitrary untrusted third‑party pages are read and used to drive extraction and downstream decisions.