topic-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required keyword-expansion workflow (references/keyword-expansion.md) explicitly tells the agent to "Read the provided content" when Topic mode input may be "a URL" or "community discussions" and then use that derived topic as the input to expand_keywords, meaning untrusted, user-generated web content is fetched/read and can directly influence tool actions.