deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs web searches and fetches arbitrary public web pages (see Phase 3: Iterative Querying, the Generate agent and Extractor templates that call "WebSearch" and "WebFetch", and the Implementation Tools listing "WebSearch", "WebFetch", and "mcp__puppeteer__"), so the agent ingests untrusted, user-generated/open-web content as part of its workflow and could be exposed to indirect prompt injection.