tech-stack-teardown

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests arbitrary public third-party content: for example, scan_website_source in scripts/recon.py uses curl to fetch https://www.{domain}, and SKILL.md/Agent Integration describe web searches of Trustpilot/Reddit and running the Apify profiler. The agent reads those results and uses them to decide which tools are reported, so untrusted web content can materially influence agent behavior.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 06:03 PM
Issues: 1