deep-research-pro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent in "Phase 2: Parallel Source Gathering" to fetch and gather evidence from public third‑party sources (e.g., arXiv, company websites, press releases, news/media) and the "Phase 3: verify_source" code expects source['url'] input to be read and evaluated, so untrusted web content would be ingested and used to drive verification and synthesis decisions.