deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires using WebFetch and external sources (Step 4 "Source Everything from Primary Sources" and the "Tools Usage Strategy") to fetch papers, official docs, YouTube transcripts, GitHub repos/issues and community discussion—public, user-generated content that the agent must read and use to ground claims and decisions, which clearly exposes it to untrusted third-party input that could carry indirect prompt injection.