evidence-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs parallel subagents to WebSearch and ingest public third‑party sources — e.g., Subagent A pulls from arXiv/IEEE/ACM/Google Scholar and Subagent B pulls from GitHub discussions, Stack Overflow and Reddit — and then reads and integrates those untrusted, user‑generated/public webpages into its verdicts and follow‑on recommendations, which could enable indirect prompt injection.