research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's protocol (Step 2 in SKILL.md) requires using WebSearch and WebFetch to read actual pages from the open web (official docs, GitHub, blogs, forum answers), so it ingests untrusted, user-generated third‑party content that the agent interprets to produce recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses WebSearch/WebFetch at runtime to retrieve arbitrary external web pages as source URLs and injects those findings into the model context (i.e., "external URLs fetched via WebFetch" — no single static URL is listed), so external content can directly influence prompts and outputs.