webpage-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and extracts content from arbitrary public HTTP/HTTPS URLs provided by the user (see SKILL.md "Purpose" and "Workflow" steps using Defuddle/WebFetch) and instructs the agent to read, preserve, and act on that extracted page content (Step 3/Step 5 and "Integration with Other Skills"), so untrusted third‑party page text can materially influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly fetches arbitrary user-provided HTTP/HTTPS pages at runtime (e.g., https://docs.anthropic.com/en/docs/about-claude/models) and injects the extracted Markdown into the agent's context, so remote page content can directly control prompts/instructions and create a prompt-injection risk.