deep-research

Status: Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 "Web Research" workflow (together with references/query-patterns.md and source-registry.md) explicitly instructs the agent to issue web/fetch calls to public GitHub issues and discussions, Stack Overflow, community blogs, Reddit and other open websites, and then to synthesize and act on that content. Untrusted third-party pages could therefore indirectly inject instructions that the agent will follow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime web/fetch calls to external documentation and GitHub resources and injects the fetched content into the agent's research context (e.g., https://github.com/[org]/[repo]/blob/main/CHANGELOG.md). Remote content fetched at runtime can therefore directly influence prompts and agent behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 01:46 PM