search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to run WebSearch and WebFetch and to call external MCPs (e.g., mcp__tavily__, mcp__perplexity__, WebFetch of "known URL") to fetch and ingest public web pages, news, GitHub discussions and other user-generated content which the agent must read and use to drive tool choice and answers, exposing it to untrusted third-party content and potential indirect prompt injection.