explore

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to perform web searches and fetch third-party content (e.g., via exa MCP, WebFetch/WebSearch, and gh CLI to read GitHub issues and blogs) and to read/interpret those results as part of its workflow, which can materially influence decisions and tool use.