web-page-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary webpages and their content (e.g., get_page_map/get_page_markdown in asset-extraction.md and data-generation.md, batch_scrape/firecrawl fallback, and download_page_data/get_page_screenshot in prototype-restoration.md), meaning the agent will read untrusted public web content as part of its workflow and that content could influence subsequent actions.