merger-model

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Data sources — MCP first, web fallback" section explicitly directs the agent to use web_search/web_extract and browser_navigate against public sites (e.g., SEC EDGAR and company IR pages), so the agent will fetch and interpret open third-party content that can materially influence model inputs and actions.