rag-eval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Notes" explicitly tells the agent to "do web research" using tools like tavily-search or firecrawl-research to pull current evidence from the open web, and those results are read and synthesized into the audit/report and sweep decisions, exposing the agent to untrusted third‑party content that can influence actions.