scrapling-official

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core functionality (SKILL.md and references like references/fetching and references/mcp-server.md) explicitly fetches and renders arbitrary public URLs via commands and MCP tools such as get/fetch/stealthy_fetch/bulk_fetch and browser-based fetchers, causing the agent to read and act on untrusted third‑party web content (including links and page elements) as part of its workflow.