research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow launches researcher agents that explicitly perform web searches and return citations/current data (see "Agent Types" entries like "perplexity-researcher: Citations, current data" and "claude-researcher: Built-in WebSearch" and the Execution section requiring those agents to be run and synthesized), which means the agent will ingest and act on open/public third‑party web content that could contain untrusted instructions.