research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs workers to fetch and ingest live web content (e.g., vendor docs, blog posts, aggregator pages) and attach source URLs and quoted spans that the lead uses in synthesis, so the agent reads and acts on untrusted third‑party webpages.