audit-website

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to crawl and fetch live websites (e.g., "squirrel audit https://example.com", "How It Works: 1. Crawl: Discovers and fetches pages starting from the base URL") and to parse LLM-format report output and then "propose fixes" and "spawn subagents" to apply changes, so untrusted public web content (including external links and page content) is ingested and can materially influence tool actions.