cross-verified-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Stage 2 "Search & Collect" explicitly requires using WebSearch and WebFetch to fetch and analyze public web pages (including site:github.com queries, Wikipedia, social media/forums classified as Tier B), meaning the agent will ingest untrusted, user-generated third‑party content that can influence its conclusions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Stage 2 explicitly requires using WebSearch/WebFetch at runtime to retrieve and inject external source pages (e.g., site:github.com) into the model context, so URLs such as https://github.com are runtime dependencies whose fetched content can directly control prompts.