Skywork Search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls the Skywork web_search API (see scripts/web_search.py using SKYWORK_GATEWAY_URL+/web_search) and SKILL.md instructs the agent to read the returned search results (source URLs and content snippets) and synthesize them, so it ingests untrusted public web content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill calls the Skywork web_search API at https://api-tools.skywork.ai/theme-gateway/web_search at runtime and writes the returned search results into files that are then read/synthesized by the agent, so externally-fetched content can directly influence the agent's prompts/outputs.