web-search-plus-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill invokes a local web-search-plus CLI to perform live searches against public providers (Serper, Tavily, Exa, Querit, Perplexity, You.com, SearXNG) and its SKILL.md and references/output-schema.md explicitly instruct the agent to parse results, cite URLs, and use provider "answer"/metadata—meaning the agent will ingest and act on untrusted public web content (URLs/snippets/answers) that could carry indirect prompt injections.