research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open web content via provider calls (see scripts/core/providers.mjs: runTavilyExtract / runTavilyCrawl / runTavilySearch and runBraveContext/runGeminiGrounding) and retrieval.mjs+SKILL.md show that those URL-backed, potentially user-generated sources are used as evidence that directly drives gathering, verification, queueing, and synthesis decisions — so untrusted third-party content can materially influence agent behavior.