url-dump

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts arbitrary user-shared URLs and "Fetch the web page content" (see "2. URL Validation & Fetch" -> "Fetch the web page content" and the "Content Extraction" section), meaning it ingests untrusted public web content which is then analyzed and used to drive categorization, insights, and follow-up actions—allowing third-party content to influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary user-supplied URLs at runtime (e.g., raw GitHub or pastebin URLs such as https://raw.githubusercontent.com/... or https://pastebin.com/...), injecting the fetched page content into the agent's processing/context for summary and insight generation, so external content can directly control prompts or model output.