web-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to use Tavily and Firecrawl to search, read, scrape, and crawl public web pages (e.g., tavily_search and firecrawl scrape "https://competitor.com/pricing"), meaning the agent ingests untrusted third‑party web content as part of its workflow which could materially influence its actions.