web-scraping-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md explicitly instructs the agent to fetch and parse arbitrary public websites and APIs (e.g., the "工作流程" steps and the example functions scrape_website(url), scrape_dynamic_page(url), and call_api(endpoint)), which means untrusted third‑party page content would be ingested and could influence scraping logic or subsequent actions.