ideation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Plan action P2 ("Capture Sources") explicitly fetches every user-provided URL using WebFetch and the Explorer role uses WebSearch/WebFetch to read web pages, and those fetched, untrusted third‑party pages are read and incorporated into research reports and the agents' decision/coordination flow, so arbitrary web content can materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches user-provided URLs at runtime via "WebFetch" (e.g., example shown as https://example.com/article) and writes their contents into session/sources which are then read into agent spawn prompts and continuation context, so remote content can directly control the agents' prompts/instructions.