data-scraper-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes arbitrary public sites/APIs/RSS (see scraper/sources/my_source.py and the HTML/RSS/Playwright patterns in SKILL.md and Step 1 examples like "Monitor a subreddit" or "Hacker News"), then feeds that untrusted, user-generated content into the AI pipeline (ai/pipeline.py → ai.client.generate) whose outputs (scores/summaries) drive filtering and storage actions, so third-party content can indirectly inject instructions that change agent behavior.