scrapinghub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Proxy requests" and general Scrapinghub integration show the agent can call the Scrapinghub API (which contains scraped public web pages and third-party/user-generated content) via membrane request and run actions that ingest and act on that untrusted content, enabling indirect prompt injection.