doc-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md workflow explicitly falls back to WebSearch and uses render.bash (references/cloudflare-markdown.md and the render.bash script) to fetch and convert arbitrary public URLs, meaning the agent ingests untrusted third-party web content that can affect its research and subsequent actions.