research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to fetch and extract full content from open web URLs (e.g., Wave 2 "dispatch deep-read subagents — use fetcher/trafilatura/docling to extract full content from top leads" and the "content-extractor" role), and that third‑party content is read, interpreted, cross‑validated, and used to drive findings, confidence scores, and follow-up actions—exposing the agent to untrusted web content that could carry indirect prompt injection.