Parser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The Parser skill explicitly fetches and scrapes arbitrary public URLs and user-provided sites (e.g., Workflows/BatchEntityExtractionGemini3.md shows curl/WebFetch and scraping of URLs, ExtractArticle.md uses GeminiResearcher to scrape web articles, and Web/README.md accepts arbitrary URL input), meaning the agent ingests untrusted, user-generated third‑party content (YouTube, Twitter/X, newsletters, PDFs, web pages) as part of its workflow and could be exposed to indirect prompt injection.