phone-specs-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and included code explicitly instruct the agent to fetch and scrape public, untrusted web pages (e.g., GSM Arena, MK Mobile Arena, PhoneDB, TechRadar) — see the "Agent prompt" and the scrape_gsmarena_specs / scrape_comparison_site examples — so the agent will read and act on third-party page content as part of its workflow, enabling indirect prompt injection.