web-search-plus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and ingests open/public third‑party web content — e.g., scripts/search.py calls Serper/Tavily/Exa APIs (README/SKILL.md also document this) and Tavily can return full page "raw_content" and Exa returns snippets/highlights/similar pages, which the agent then reads and synthesizes into answers.