web-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent calling stableenrich.dev Exa and Firecrawl endpoints to search, scrape, and extract content from arbitrary public URLs (e.g., "Extract Text Content", "Firecrawl Scrape", "Firecrawl Search" examples in SKILL.md), so the agent will ingest untrusted third-party web pages that could contain malicious or directive instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime agentcash.fetch calls to https://stableenrich.dev/api/... (e.g., /exa/contents, /firecrawl/scrape) which return scraped page content and direct answers that are injected into the model context (enabling prompt-injection) and these endpoints are required for the skill’s core functionality.