dribl-crawling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's extraction workflow explicitly visits the public site https://fv.dribl.com/fixtures/ and intercepts API responses from https://mc-api.dribl.com/api/list/clubs and /api/fixtures, ingesting untrusted public JSON that the tool parses and uses to drive transformations, merging, and matching logic (e.g., finding club IDs), so third-party content can materially influence behavior.