web-search-scraper-api-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and scripts/web_search_scraper_api.py explicitly send arbitrary HTTP/HTTPS target_url values to the BrowserAct Web Search Scraper API to extract complete markdown from any public webpage (supports "any HTTP/HTTPS URL"), meaning the agent ingests untrusted third-party web content that could contain embedded instructions influencing subsequent actions.