research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's protocol Step 2: SEARCH explicitly requires using WebSearch and WebFetch to discover and "read actual pages" (3-6 credible sources, including blogs, GitHub, forum answers) — i.e., it fetches and ingests open/public third-party content that the agent must interpret and use to form recommendations, creating a clear vector for indirect prompt injection.