web-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and scrape open/public web pages (e.g., Exa contents at https://stableenrich.dev/api/exa/contents and Firecrawl scrape at https://stableenrich.dev/api/firecrawl/scrape) and then read/synthesize that extracted content, which exposes the agent to untrusted third-party user-generated or web content that could contain indirect prompt injections.