document-hunter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow (SKILL.md) and site-patterns.md explicitly automate browsing and scraping of public/untrusted sources—DocumentCloud, CourtListener/RECAP, Scribd, Justia, DOJ, SEC and court websites—using Playwright to render DOM, extract links and text, download PDFs, and extract quotes, so arbitrary third-party content would be read and can directly influence which links/files the agent downloads and subsequent actions.