web-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to use the Brave Search API (Step 2) to retrieve web results and then fetch and scrape arbitrary public URLs with extract_page_content (Step 3), ingesting untrusted third-party web content that the agent must read and synthesize into reports, which could enable indirect prompt injection.