serpapi-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls SerpAPI (via MCP) to fetch live, public SERP content from Google/Bing (organic results, PAA, AI Overviews, knowledge_graph, maps/local results) and the SKILL.md explicitly instructs the agent to extract and act on that third‑party content for decisions and next steps, exposing it to untrusted user-generated/web content.