nimble-web-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md instructs the agent to use nimble search and nimble extract (e.g., nimble search with social/news/general modes and nimble extract --url ... --parse --format markdown) to fetch and parse live public web pages and social/forum content (LinkedIn/X/YouTube/Reddit referenced in the social mode), which the agent is expected to read and synthesize (via --include-answer) and therefore could allow untrusted third-party content to influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The nimble CLI's extract command fetches arbitrary external pages at runtime (e.g., nimble extract --url "https://example.com/article") and returns their parsed content into the LLM context, which can directly inject remote instructions/prompts into the agent.