deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandatory Phase 3 RETRIEVE explicitly instructs launching parallel WebSearch / mcp__Exa__exa_search calls and Task subagents to fetch and ingest public web sources (e.g., news, arXiv, arbitrary domains) and then uses those retrieved, untrusted third‑party contents to drive triangulation, citations, spawning agents, and report decisions, which clearly exposes the agent to indirect prompt injection risk.