flashcard-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to access arbitrary web pages via "Step 1: Access the Web Content" using tabs_context_mcp and read_page / get_page_text to extract content from the current page, meaning the agent will ingest untrusted public page content which will be interpreted to generate files and run the conversion script (Step 8), enabling indirect prompt-injection risk.