gepetto

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's research step (references/research-protocol.md, Step 5) explicitly directs subagents to perform WebSearch and WebFetch on public URLs and to synthesize/cite those web sources into claude-research.md, meaning the agent ingests and interprets untrusted, user-generated third‑party web content.