fact-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow includes Step 2/3 web searching and Step 4 fetching full pages via Web Forager or Jina Reader (e.g., web-forager search returning body text and r.jina.ai/https://... converting fetched outsider webpages into markdown), which can ingest arbitrary free text authored by third parties into the agent’s LLM context.