web-scraping

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary target URLs and performs read operations on public pages (see "Phase 2: Navigation" navigate({ url: targetUrl }) and "Phase 4: Data Extraction" using get_page_text/read_page/javascript_tool), meaning it ingests untrusted, user-generated open-web content which the agent reads and interprets.