smart-shopper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses the agent-browser to fetch and scrape public shopping sites (e.g., Amazon, Rakuten, Taobao) and stores full product page text and user reviews in product_pages (see SKILL.md Step 2 and Step 4 and scripts/product_db.py product_pages handling), which the agent reads and uses to filter, verify, and decide next actions—exposing it to untrusted, third-party content that could carry indirect prompt-injection.