research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows (e.g., workflows/documentation-research.md and workflows/parallel-research.md) explicitly instruct the agent to run WebSearch/WebFetch against public URLs and third‑party sources (Google Scholar, GitHub, Stack Overflow, news sites, etc., as listed in reference/research-methodology.md) and to extract and synthesize that content to drive decisions and follow-up actions, exposing it to untrusted user-generated web content that could contain indirect prompt injections.