research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "Information Gathering" and "Execution Patterns" explicitly require searching and reading top results from open/public sources (e.g., "Identify Domains: ... forums?", "Tertiary Sources: Wikipedia, generalized blog posts") so the agent would fetch and interpret untrusted, user-generated web content.