research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly performs open web searches (mcp__web-search-prime__webSearchPrime) and fetches/reads arbitrary public URLs (mcp__web-reader__webReader, mcp__web-search__fetchGithubReadme, fetchCsdnArticle, fetchJuejinArticle, native WebFetch) and then synthesizes findings into reports and recommendations, meaning untrusted/user-generated third‑party content is ingested and can materially influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses runtime fetchers (mcp__web-search__fetchGithubReadme and mcp__web-reader__webReader) to retrieve and inject remote page content—e.g., the example URL https://github.com/vercel/next.js—into the model context to drive its research prompts and outputs, and those fetches are a required part of the skill workflow.