web-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and scripts/web_fetch.py explicitly accept arbitrary URLs via --url or piped stdin and use a headless Chrome CDP session to fetch and extract full page text from those public webpages (e.g., fetch_page in scripts/web_fetch.py), meaning untrusted third‑party content is ingested and returned for downstream use, enabling indirect prompt injection.