web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and extract content from arbitrary public URLs (e.g., the Tavily Extract and Exa Extract examples and the "Extract content from URL" workflow using "urls": ["https://example.com/..."]), which are untrusted third-party web pages the agent will read and use to drive summaries/decisions, enabling indirect prompt injection.