Evals

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Data/DomainPatterns.yaml for the "research" domain explicitly requires tool calls like "web_search" and "read_source", and model-based graders (e.g., Graders/ModelBased/NaturalLanguageAssert.ts and LLMRubric.ts) incorporate transcript.tool_calls and fetched references into judge prompts and scoring, meaning untrusted public web content is ingested and can directly influence evaluation decisions and downstream actions.