research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory Phase 0 and Phase 4 workflows explicitly direct the agent to perform targeted web searches and "fetch current documentation" and to read filed GitHub issues/community sources (e.g., Phase 0 step 3; Phase 4 step 2 and the "filed GitHub issue" verification guidance), which means the agent will ingest open/public, user-generated or third‑party web content and use it to drive verification, flags, and recommendations—allowing that external content to materially influence actions.