foundry-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The deep-research workflow (references/deep-research-workflow.md and SKILL.md) explicitly describes parallel topic researchers "fetching and analyzing web sources", following links (follow_links, max_sources_per_query) and returning source URLs used to synthesize findings, so the agent ingests untrusted public web content that can influence decision-making and tool use.