deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required RETRIEVE workflow (reference/methodology.md Phase 3 and SKILL.md) explicitly performs web searches, page extraction and scraping via search-cli/WebSearch (e.g., search "URL" -m extract / search "URL" -m scrape), spawns agents to read PDFs/web pages, and persists quotes/URLs into evidence.jsonl—meaning the agent will fetch and interpret arbitrary public web content that can materially change its next actions.