web-search-pro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public third‑party web content (see search.mjs, extract.mjs, render.mjs, crawl.mjs and the documented DDG/fetch and multiple provider flows in SKILL.md/README) and feeds that content into research.mjs's model-facing "plan + evidence pack", so untrusted web pages can be read/interpreted at runtime and materially influence agent decisions (enabling indirect prompt injection).