ito-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call external search/fetch tools (e.g., exa MCP for web searches/webpage crawling, deepwiki MCP and gh CLI for GitHub content, and a harness WebSearch/WebFetch fallback) to fetch and ingest public third‑party pages and discussions which the agent must read and use to generate responses, so untrusted user-generated web content can directly influence its decisions and actions.