web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill performs real-time searches and page navigation against public web sources (Google/Bing) and fetches page content — e.g., SKILL.md/README.md and scripts/search.sh show Claude calling the Bridge Server /api/search and /api/page/navigate or /api/page/content to retrieve and then "parse and synthesize" results — so untrusted, user-generated third‑party content is read and used to drive the agent's responses and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill actively navigates and fetches content from external search engines and web pages at runtime (e.g., https://www.bing.com and https://www.google.com) via Playwright and returns those snippets/contents into the agent's Markdown output, meaning remote URLs directly influence the agent's prompts/answers.