defuddle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs Defuddle on arbitrary user-provided URLs to extract markdown from web pages (online documentation, articles, blog posts), so the agent will ingest untrusted public web content that could contain indirect prompt-injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs the Defuddle CLI at runtime using "defuddle parse " to fetch arbitrary user-provided web pages (the placeholder ), and the extracted markdown is intended to be injected into the agent's context so the fetched content can directly control prompts or instructions.