web-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill invokes the "page_reader" function (used by the CLI, scripts/web-reader.ts, and the Express endpoints /api/read-page and /api/read-multiple) to fetch and extract HTML/text from arbitrary public URLs, so it directly consumes untrusted third‑party web content that the agent reads and processes.