content-access

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and ingest open/public third-party content (e.g., arbitrary URLs, Archive.today/Wayback Machine lookups, Unpaywall/CORE/Semantic Scholar API calls, and reader-mode scraping via bookmarklet), so it will read and interpret untrusted, user-provided web content as part of its workflow.