structured-extraction

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to search, scrape, and click through public websites and sitemaps (e.g., "Search for relevant results", "Scrape promising results", "Check sitemaps", "scrape the entry page"), meaning it ingests untrusted third-party web content that the agent must interpret and which can influence subsequent actions.