icp-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's VoC Collector (agents/voc-collector-agent.md) and related search scripts (scripts/search-platforms.sh / SKILL.md VoC/Habitat steps) explicitly instruct scraping and ingesting user-generated public sources (Reddit, G2, Twitter, LinkedIn, forums, etc.) and those quotes are consumed by downstream agents (pain-analysis, decision-psychology, synthesis, critic) to drive decisions and re-dispatching, so untrusted third‑party content is read and can materially influence agent actions.