web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls zai.functions.invoke('web_search') to retrieve URLs, snippets, and metadata from arbitrary public websites and then directly reads/summarizes those search results (see searchAndSummarize, ResearchAssistant, and the Express API), exposing the agent to untrusted third-party content from the open web.