crawl-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill clearly fetches and ingests arbitrary public web content — e.g., lib/crawler.ts's processUrl calls page.goto(url) and then runs extractor(page) (and extractLinks) to parse and act on page DOM, lib/scraper.ts returns page.content(), and lib/robots.ts fetches robots.txt — so untrusted third-party pages are read and used to drive extraction and discovery, enabling indirect prompt injection.