kadoa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly exposes web-scraping and third‑party data flows — e.g., "Get Locations" (proxy locations for web scraping), "Get Workflow Data" (retrieves the extracted data from a workflow), and "Proxy requests" (send requests to arbitrary endpoints) — which let the agent fetch and consume untrusted public web content that could influence tool use and decisions.