deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 3 "RETRIEVE" instructions in SKILL.md explicitly launch WebSearch/mcp__Exa__exa_search/WebFetch calls and spawn Task agents to fetch and ingest public web, arXiv/academic pages, industry reports and other open URLs, so the agent will read and act on untrusted, user/public third‑party content as part of its workflow.