anti-scraping

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md n8n workflow explicitly runs Playwright against arbitrary target_url (e.g., "target_url: https://site.com"), writes /tmp/output.html, and then reads/parses that HTML with Cheerio—showing the agent fetches and interprets untrusted public web pages which can materially influence subsequent actions.