ai-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to use external search/read_page/WebSearch/FetchDocument tools (see the Think-Act-Observe loop in SKILL.md with "search" and "read_page" and the ResearchAgent in references/examples.md) to fetch and ingest public web documents that the agent must read and synthesize to decide next actions, so untrusted third-party content can materially influence behavior and enable indirect prompt injection.