wos-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and scrapes publisher/public webpages (Step 3 navigate_page to {CHOSEN_LINK} and the Step 4 evaluation script that reads document.body, links, and contentType) and uses that untrusted third‑party content to decide actions (download, click, or report paywall), so it exposes the agent to arbitrary public web content that could carry indirect prompt injections.