sd-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to navigate the user's ScienceDirect page (BASE_URL/search) and run evaluate_script to scrape and interpret the page DOM (search results and metadata), which ingests open/public third-party webpage content that can influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs the agent to evade bot-detection (set navigator.webdriver to undefined) and to programmatically bypass Cloudflare Turnstile captchas, which is a directive to circumvent security mechanisms even though it doesn't request sudo or modify system files.