gourmet-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and scrape public review and aggregator sites (e.g., Google Maps, Yelp, Tabelog, TripAdvisor) and to use Playwright to load pages and extract items, so the agent will read and interpret untrusted user-generated third‑party content as part of its workflow.