company-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs bb search on arbitrary web queries and uses scripts/extract_page.mjs (which calls bb fetch / bb browse) to fetch and parse public websites and sitemaps (see SKILL.md Step 3/4 and references/extract_page.mjs), and those untrusted third‑party page contents are read and used to score ICP fit and drive research, file writes, and email personalization — allowing indirect prompt injection via third‑party page text.