research-brightdata

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to use search_engine and scraping tools (scrape_as_markdown, scrape_batch, scraping_browser_navigate, extract, etc.) to fetch and ingest open/public third-party pages (e.g., Etsy, Amazon, Google/Bing SERPs shown in the examples like examples/market-research-etsy-nba.md and examples/competitive-analysis-pricing.md), and those untrusted/user-generated pages are read and acted on as part of the mandatory research workflow, so they could carry indirect prompt injections that influence subsequent tool use and decisions.