web-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and extracts text from arbitrary public websites (see SKILL.md examples and scripts/scrape.py—e.g., fetch_page, scrape, and extract_text_content), saves that untrusted user-generated/open-web content, and the workflow then instructs the agent to read/load those files for analysis, meaning third-party page content can directly influence subsequent tool use and decisions.