deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (e.g., SKILL.md, README.md and reference/methodology.md Phase 3 "RETRIEVE") explicitly requires searching the web and opening/reading individual source pages ("open the original page, paper, filing, documentation page, or repository" and "Search the web or another current-information source"), meaning the agent will ingest arbitrary public third‑party content that can influence retrieval, triangulation, and follow-up actions.