deep-dive

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs subagents to "use WebSearch to find current, authoritative information" and to fetch/cite public web sources (URLs appended to /tmp and read during synthesis), so arbitrary third-party web content can be ingested and influence subsequent subagent tasks and the final report.