skill-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to perform web searches and "fetch the actual skill file" and "read the actual skill content" (SKILL.md Phase 3: Collect and references/search-playbook.md which lists tools like WebFetch/read_url and web search), meaning it will ingest untrusted, user-generated public web content (GitHub, forums, marketplaces) that can influence analysis and downstream actions—exposing the agent to indirect prompt injection risk.