research-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent and its write-capable subagents to perform web search and "fetch any documentation URLs provided inline", "use web fetch to retrieve and read full pages", and "clone git repos / download SDKs / install packages into temp/" (see Phase 1 "Fetch any documentation URLs provided inline" and Phase 2 plus references/research-subagent-guidance.md), so it ingests arbitrary public third-party content which the agent must read and which can materially change subsequent actions (e.g., deciding collection method and generating test scripts).