mouser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes public third-party content (Mouser product pages, DataSheetUrl PDFs, and manufacturer websites) as part of its runtime workflow (see "Datasheet Download & Sync" and "Web Search Fallback" in SKILL.md and the download/search logic in scripts/fetch_datasheet_mouser.py and scripts/sync_datasheets_mouser.py), and that external content is parsed/verified and used to drive decisions (accepting/renaming/downloading datasheets and selecting part metadata), so it can enable indirect prompt injection from untrusted web-origin content.