deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.78). The skill’s runtime workflow includes Phase 2 “Investigation” where the bibliography_agent performs systematic literature search and screening, which necessarily ingests outsider-authored free text from public web/academic sources (e.g., scraped page text or fetched abstracts/full texts) into the agent context for summarization and verification.