research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses arbitrary public web content and feeds (e.g., fetch_url/extract_page_content, fetch_feed/aggregate_security_feeds and NVD/MITRE/GitHub raw endpoints and user-provided URLs), so the agent will ingest untrusted third-party content (web pages, RSS feeds) that could carry indirect prompt injections.