learn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly invokes an external web_search tool (integration/tools.md and integration/tools.md → Phase 3 / operations/execute.md: "results = await web_search(query)"), meaning it fetches and ingests open-web content during execution and thus reads untrusted, potentially user-generated third‑party content as part of its workflow.