deep-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and runbook explicitly direct the agent to fetch and hydrate public third-party content (e.g., Codex-native web tools like web.search_query/web.open, codex-research fetch probe/get, GitHub access, Firecrawl, and agent-browser) and to read/interpret that content to generate claims and drive follow-up actions, which exposes it to untrusted user-generated or public web content that could contain indirect prompt injection.