crawler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests arbitrary http/https webpages (via scripts/crawl.py and the SKILL.md mandate) using third-party endpoints and tools — Firecrawl (firecrawl_scraper.py), Jina Reader (r.jina.ai in jina_reader.py) and a Scrapling headless browser (scrapling_scraper.py) — so untrusted, user-generated web content is read and returned as markdown that can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime GETs to the hard-coded Jina Reader proxy at https://r.jina.ai/ (JINA_BASE_URL), which returns arbitrary page markdown that is injected into the agent's context and therefore can directly control prompts provided to the model.