ta-research-AFP-auto

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to untrusted third‑party web content because ta_tools.py defines a web_search tool (ta_tools._web_search) that performs live internet searches (via duckduckgo_search) and the required checkpoint workflows in ta_checkpoints.py / SKILL.md (e.g., CP1, CP4, CP11) explicitly instruct the agent to fetch and use those web results for literature retrieval and citation verification, which the agent reads and uses to drive decisions and outputs.