deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and reference/research-workflow.md) explicitly mandates running web_search and then using read_webpages_as_markdown to fetch and fully read public URLs (Immediate Actions Step 1 and Phase 3), and the report template's Sources section contains external links, so untrusted third-party web content is ingested and used to drive conclusions and next actions.