url_reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The script scripts/fetch_url.py explicitly performs requests.get on arbitrary http/https URLs provided to the skill and prints the page text (via BeautifulSoup), meaning the agent will read untrusted, user-supplied public web pages which could contain indirect prompt-injection content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates running scripts/fetch_url.py at runtime to GET arbitrary user-supplied http(s) URLs and inject the fetched page text into the agent's context, so any provided URL (e.g., https://...) can directly control prompts used by the agent.