research-deep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow's Step 3 explicitly launches a "web-search-agent" to perform research (Step 3: Batch Execution — "Launch web-search-agent (background parallel, disable task output)"), which implies fetching and interpreting public web content to produce the JSON outputs and thus exposes the agent to untrusted third-party content that can influence its actions.