nimble-agent-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and inspects arbitrary third‑party web pages (e.g., the Playwright probe in "When agent generation needs site investigation" and the Discovery/Step 1D flows that call nimble search, nimble map, and nimble extract on user-supplied URLs/domains) and then uses the scraped page content (selectors, XHR endpoints, render results) to drive agent generation, validation, and subsequent actions, so untrusted web content can materially influence tool use and decisions.