research-fleet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs scouts to "formulate, search, extract, write" and to use WebSearch and fetch raw GitHub content (see "Step 2: DEPLOY WAVE 1" and the "WebFetch Restrictions" section), meaning agents will fetch and interpret public, user-generated web content that can influence subsequent waves and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's runtime scout prompts explicitly instruct fetching README content from raw GitHub URLs (https://raw.githubusercontent.com/{user}/{repo}/{branch}/README.md), which would be fetched at runtime and injected into the agent's context—allowing remote content to directly control the agent's prompts.