deep-research-with-instructions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly "researches external docs and the open web" (SKILL.md) and its workflow/SOURCES.md require using Exa tools (mcp__exa__web_search_exa, WebFetch, crawling_exa) to fetch and ingest public URLs and page content which the agent reads, cites, and uses to drive investigations and tool actions, so untrusted third‑party content can materially influence behavior and enable indirect prompt injection.