deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (see SKILL.md P2 "Investigate, extract, and write notes" which explicitly says to "search broadly" and "fetch and read the best supporting sources") and supporting scripts (e.g., scripts/source_evaluator.py that lists public sites like medium.com, zhihu.com) show the agent will fetch and ingest open/public third‑party (including user‑generated) web content and then use that content to drive synthesis and recommendations, creating a clear avenue for indirect prompt injection.