spider

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and scrapes arbitrary public websites (e.g., curl of $BASE_URL, sitemap.xml processing, and multiple curl examples) and feeds the retrieved page CONTENT into the AI (gemini) for analysis, so it ingests untrusted third‑party web content that could contain indirect prompt injections.