local-deep-research-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to query and scrape open/public third-party sources (see "Search Source Configuration" and "Multi-Source Search Engine" listing Google Scholar (via scraping), web search/Serper/Tavily, Wikipedia, arXiv, PubMed, OpenAlex, etc.) and to ingest and synthesize those findings into reports ("Research Report Generation"), so untrusted web/user-generated content can directly influence the agent's outputs and actions.