youdotcom-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs using You.com's Research API (/v1/research) and Search + Contents APIs (/v1/agents/search and /v1/contents) to fetch live web pages and page contents (HTML/Markdown) from arbitrary public URLs and then read/synthesize those results as part of the agent's workflow, which clearly exposes the agent to untrusted third‑party content that could carry indirect prompt injection.