jina-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts/reader.ts and SKILL.md show it fetches and returns arbitrary public web content via the Jina endpoints (READ_BASE https://r.jina.ai for reading arbitrary URLs and SEARCH_BASE https://s.jina.ai for web search), so the agent ingests untrusted, user-provided third‑party pages/search results as part of its workflow which could contain instructions that materially influence behavior.