audit-website

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to crawl and fetch arbitrary live websites (e.g., "squirrel audit https://example.com", "You should PREFER to audit live websites", and "Crawl: Discovers and fetches pages starting from the base URL"), thereby ingesting untrusted public web content that the agent analyzes and uses to propose and apply fixes (including spawning subagents), which could enable indirect prompt injection.