notte

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's core workflows (e.g., Session.execute(type="goto", url=...), client.scrape(url=...), and agent.run examples like "Go to news.ycombinator.com and summarise the top 3 stories" in SKILL.md) require navigating, scraping, and interpreting arbitrary public websites, so untrusted third-party web content can directly influence the agent's decisions and actions.