deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 2 "Gather" step and Source Priority explicitly direct the agent to collect and read open/public user-generated content (community discussions, Stack Overflow, GitHub issues, conference posts/case studies and other public websites), so the agent would ingest untrusted third-party material that could enable indirect prompt injection.