deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to perform WebSearch and to fetch and deep-read arbitrary web URLs using mcp__web_reader__webReader (see agents/researcher.md, references/pipeline.md Step 3, and agents/verifier.md), meaning it ingests untrusted public web content that the agent must interpret and that can influence tool use and downstream actions.