rabbit-hole

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the Scout to search "Web sources" and return web_article/community leads, the Investigator prompt requires reading/fetching full content from those URLs, and scripts/validate_sources.py performs HTTP requests to validate cited URLs, so untrusted third‑party web content can be ingested and influence agent findings and actions.