morphiq-build

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and crawls arbitrary public HTTP/HTTPS URLs and runs live web searches as part of its required pipeline (see SKILL.md Step 1–2 and Step 4 / references/content-lab-pipeline.md "Step 1: Ingest Sources", "Step 2: Extract Content", "Step 4: Research to Fill Gaps") and the provided scripts (scripts/ingest-sources.py, scripts/extract-content.py, scripts/research-live.py, scripts/generate-llms-txt.py) show the agent fetching and parsing third‑party web content which is then used to drive research, citations, llms.txt generation, internal linking and content decisions — meaning untrusted external content can materially influence agent actions.