soushen-hunter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (scripts/bing_search.py and the CLI --deep flow) uses Playwright to perform live Bing searches and to fetch/arbitrarily visit public URLs, extracting text, links, forms, buttons and scripts from those third‑party webpages, so untrusted user‑generated web content is ingested and can materially influence subsequent agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses Playwright to navigate at runtime to https://www.bing.com and arbitrary user-supplied target URLs (e.g., the --deep URL like https://example.com), which causes those pages' remote JavaScript to be fetched and executed in the browser context and can therefore execute remote code that influences the agent's outputs.