deep-research
Warn
Audited by Snyk on Apr 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's claude-companion evaluation loop explicitly allows companion runtimes to use WebSearch/WebFetch: run-evaluation-loop.mjs passes --allowed-tools, and the sample recipe skills/deep-research/recipes/sample-simulator-research.json and SKILL.md include WebSearch, WebFetch and open-web source policies. The companion's stdout/raw.json is parsed as a factual report and used to drive report normalization, evaluation, and next-prompt synthesis, so untrusted public web/community sources can directly influence agent decisions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).