search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow and references/tool-catalog.md explicitly instruct the agent to use web_search, web_fetch, browser-use and the public DDGS script (scripts/ddgs_search.py) to fetch and read open web pages and snippets, which are untrusted third-party content the agent ingests and uses to drive follow-up decisions.