ultraresearch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). At runtime, the skill spawns web/browsing/librarian workers that fetch public web pages and scraped content, and those workers’ extracted page text is then ingested into the orchestrator’s LLM context via the workers’ message replies (including EXPAND/CLAIMS text), creating an indirect prompt-injection path from outsider-authored free text.