webcrawler

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill intentionally fetches arbitrary public URLs (see the scrape/batch/brand/workflow commands in SKILL.md/README and the HTTP/Playwright fetch in src/lib/fetch-page.js), then parses and extracts the page content. It uses that extracted content to generate JSON/HTML and even to patch target projects via src/lib/brand-pipeline.js and src/lib/apply-branding.js, so untrusted third-party content can materially influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). scripts/run-webcrawler.sh will run npm install at runtime and thus fetch and install packages from the npm registry (e.g., https://registry.npmjs.org/cheerio/-/cheerio-1.2.0.tgz), which downloads remote code that the skill then executes as a required dependency.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 09:52 AM