presentation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required research workflow (Step 2: "Research Source Selection" and "Research Execution") explicitly scrapes and ingests untrusted public content—e.g., FirecrawlScrapeTool for arbitrary URLs, FetchYoutubeCommentsTool/FetchYoutubeTranscriptTool, Google Maps reviews, social media fetch tools, and Perplexity Sonar web SERP synthesis—which the agent is instructed to read and use to shape outlines, content, and deployment decisions, creating a clear vector for indirect prompt injection.