web-content-fetcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill (scripts/fetch.py) builds a WebIntent with WebIntentType.READ_URL from a provided URL and calls WebIntelligenceRouter().execute(request), then finalizes and uses the returned markdown/citations in its output, meaning arbitrary third-party web pages are fetched and their untrusted content can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches and returns the content of the runtime-provided URL (request.intent.url) via WebIntelligenceRouter.execute and exposes that remote markdown directly to the agent pipeline (i.e., any URL passed to the "url" parameter is fetched at runtime and its content can control prompts), so the runtime-provided URL (request.intent.url) is flagged.