2captcha

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill ingests arbitrary public web content—e.g., accepting image URLs for solve-captcha image and instructing extraction of sitekeys/challenges from page HTML and network requests (mentions google.com, hcaptcha.com, etc.)—so it reads untrusted third-party content as part of its workflow.