web-scraper
Warn
Audited by Snyk on Mar 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and browses arbitrary public URLs (Discovery Mode/WebSearch, Phase 2 WebFetch step, and Browser automation in Phase 3/4). It then reads and interprets that untrusted page content to decide strategies, perform actions (auto-escalation, pagination, JS extraction) and build extraction prompts, which meets the criteria for exposure to third‑party content that could enable indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill issues WebFetch/browser requests to arbitrary user-supplied TARGET_URLs at runtime (e.g., WebFetch(url=TARGET_URL) — example https://example.com/page) and feeds the fetched page content into AI extraction prompts, which can allow remote page content to control agent behavior (prompt injection) or deliver malicious payloads.