functions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's reference and workflow explicitly show functions navigating to and scraping arbitrary, user-supplied URLs (e.g., params.url in REFERENCE.md "Parameterized Scraping" and the SKILL.md test invoking "https://news.ycombinator.com") and reading page content via Playwright (page.goto, $$eval, textContent), which exposes the agent to untrusted third-party web content that could carry indirect prompt-injection instructions.