research-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs subagents to fetch and open URLs from public sources (see Stage 4 "Fetch-contract" in SKILL.md and the subagent output schema in references/subagent-spec.md) and snapshots those pages via scripts/snapshot_manifest.py (defuddle/firecrawl tiers), so arbitrary third-party web content is read and can influence canonization and downstream decisions.