content-research-brief

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to perform web_search and web_fetch on open/public sites (see "Step 1: Search for Sources" and "Step 2: Fetch and Extract Source Content", including site:reddit, site:linkedin.com, site:youtube.com and extracting full article text), and to interpret those untrusted, user-generated third‑party contents to generate angles and drive downstream actions — which enables indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime web_fetch [url] to retrieve full article text from arbitrary external article URLs (i.e., the fetched news/blog URLs discovered by its web_search) and then injects that content into the model context to drive prompts and generate the research brief, so those runtime-fetched URLs directly control agent output.