yelp-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated Yelp content — e.g., get_reviews.py (browser-use via DuckDuckGo) and scrape_reviews.py (Browserbase scraping arbitrary Yelp URLs) extract review text and scrape Yelp pages, and the search/details/phone_search scripts pull Yelp API data — so the agent will read untrusted third-party reviews/pages as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The scrape_reviews.py tool creates and connects to a Browserbase session at runtime (session.connect_url / https://browserbase.com/sessions/{session.id}), which runs remote browser automation (i.e., executes remote code) as a required dependency.