ask-many-models

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's deep-research flow clearly performs web research (see scripts/deep-research-query.ts which calls OpenAI/Gemini deep research with web_search_preview and scripts/query.ts which incorporates those model responses and citations into the live results and synthesis), so untrusted public web content is fetched and then read/used to drive synthesis and next actions.