url-summarization

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill mandates verbatim extraction and quote-grounding of page passages (including authentication sections) so any secret values present on fetched pages would be included in the model's output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires fetching and summarizing arbitrary URLs — e.g., the "When to Activate" and "Fetching Methodology" decision tree routes "generic web page" to WebFetch — so the agent ingests untrusted public web content and uses it to drive its summaries and output.