web-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs the agent to fetch and scrape open/public web pages (e.g., Playwright page.goto examples and the Scrapy start_urls/parse spider) so it will ingest untrusted, user-generated third-party content and act on it (following links, parsing page content, filling forms), enabling indirect prompt injection.