ai-automation-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Sequential Pipeline (Pattern 2: "Research" step) explicitly runs belt app run tavily/search-assistant to fetch web/search results into the RESEARCH variable and then feeds that untrusted third-party content directly into subsequent model prompts (e.g., "Write a 500-word blog post... based on: $RESEARCH"), allowing external web content to influence agent behavior and enable indirect prompt injection.