flyscrape

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open public web content (e.g., SKILL.md config "url"/"urls" and follow defaults, references/config.md allowing allowedDomains: ["*"], and examples like examples/multi-site.js which scrape reddit.com, news.ycombinator.com, lobste.rs) and the runtime scripts parse that untrusted HTML/JSON and use it to drive decisions and actions (scrape(), follow(), download()), so third‑party pages can indirectly inject instructions that change tool behavior.