spike

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Research (per spike)" step explicitly instructs the agent to use Hermes web tools (e.g., web_search and web_extract with example URL "https://websockets.readthedocs.io/...") to fetch and read external documentation/web pages, meaning the agent will ingest untrusted third‑party content and let it influence library/approach selection and build decisions.