screaming-frog-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly says "With MCP Connected the agent can trigger crawls and read results directly" and instructs custom extraction of page content (e.g., extracting script[type='application/ld+json'] and other page elements) from public websites or uploaded crawl exports, so the agent ingests and acts on arbitrary public third‑party page content as part of its workflow.