web-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web searches and loads arbitrary public URLs (scripts/google_search.py, scripts/read_page.py, scripts/browser_session.py, scripts/download_file.py) and its SKILL.md "Workflow Pattern" directs an agent to Search → Read/Open → interact → decide next actions, meaning untrusted third‑party page content is ingested and can influence subsequent tool use.