notemdpro-web-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly scrapes and fetches full page content from the open web via the DuckDuckGoProvider and fetchContentFromUrl (requestUrl -> extract text from HTML) as part of _performResearch and then injects that combined context into the researchSummarize prompt, so untrusted third-party web content can directly influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The DuckDuckGo provider uses fetchContentFromUrl at runtime to GET arbitrary search-result URLs (external webpages returned by DuckDuckGo) and injects the extracted text directly into the model prompt (e.g., the {SEARCH_RESULTS_CONTEXT} in the researchSummarize template), so those fetched URLs can control agent instructions — flagged: "URLs returned by DuckDuckGo search results (fetched via fetchContentFromUrl)".