backend-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The python/SKILL.md Playwright examples (e.g., "网页爬虫实战" with Scraper.scrape_page/scrape_multiple that call page.goto(url) and extract page content, plus form auto-fill and scraping patterns) explicitly fetch and act on arbitrary public URLs, meaning the agent would ingest untrusted third‑party, user‑generated web content that can influence subsequent tool actions.