websearch-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The service calls a SearXNG search API to retrieve web results and then uses PageFetcher to browse and scrape arbitrary public URLs (in _fetch_search_results and _process_single_page / page_fetcher.fetch_page), passing the extracted page text and OCR results into ContentAnalyzer/LLM—therefore it ingests untrusted, user-generated web content for interpretation.