defuddle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 1 in SKILL.md) calls defuddle parse "<url>" -m -j to fetch and parse arbitrary public web pages, ingesting untrusted, user-generated/open-web content and using that content to produce summaries, filenames, and saved files—so third-party page content can influence the agent's outputs and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes defuddle at runtime to fetch and parse arbitrary user-supplied webpages via the command defuddle parse "", which injects remote page content into the agent's output/context (i.e., the user-provided ""), so external URL content can directly control the assistant's responses.