crawl4ai-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts/crawl.py (and SKILL.md workflow) explicitly fetch arbitrary public URLs via the configured CRAWL4AI_URL (default https://crawl.981234.xyz) and return Markdown which is then passed to the LLM for summarization/analysis, meaning untrusted third‑party webpage content can be ingested and influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The CLI posts to the external crawl4ai endpoint (default https://crawl.981234.xyz/md) at runtime to fetch arbitrary Markdown that is then fed to the LLM, so remote content directly controls prompts and the skill requires that external service.