research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow in SKILL.md ("Step 4: Run Searches") and the search templates in references/agent-prompts.md explicitly instruct the agent to perform web_search/web_fetch on open/public sites—including Reddit, Quora, and general web pages—and to read and synthesize those results to drive recommendations, which clearly exposes it to untrusted third‑party content that could carry indirect prompt injections.