research

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to "Use WebSearch" and "WebFetch on key URLs" and to read/cite external sources (official docs, GitHub READMEs, blog posts and production experience reports) in the Wave 1/Wave 2 templates and Quick Research Mode, so untrusted public web content is fetched and used to drive synthesis and decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 11:39 PM
Issues
1
Security Audit — snyk — research