res-price-compare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to perform WebSearch/WebFetch (with scrapling fallback) against public sites (Ceneo, Allegro, Amazon.pl and many shop URLs listed in references/polish-market.md) and to parse those pages to drive verification, ranking, and follow-up actions, so untrusted third‑party content can directly influence the agent's decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime WebFetch and scrapling fetches of external product pages (for example ceneo.pl) using patterns like WebFetch(url, prompt) and scrapling extract ..., injecting fetched page content into the agent's extraction prompts and decision flow (so ceneo.pl and other shop URLs such as allegro.pl/amazon.pl are runtime dependencies that directly influence agent behavior).