defuddle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to run Defuddle on arbitrary web URLs (e.g., "defuddle parse --md") to extract and read content from public web pages, meaning the agent will fetch and interpret untrusted third-party web content that could contain embedded instructions.