html-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references/patterns.md explicitly instructs fetching and parsing open/public third-party content (e.g., raw.githubusercontent.com, public APIs like Mastodon/Bluesky/iNaturalist/PyPI and arbitrary CORS-enabled URLs) so the agent will read and interpret untrusted, user-provided web content as part of its workflow.