crawl-for-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly sends arbitrary URLs to a Crawl4AI instance and returns full page content/markdown for consumption (see SKILL.md and scripts/crawl4ai.js which POSTs {urls: [...] } to the /crawl endpoint and outputs page.markdown), so it ingests untrusted public web content that the agent is expected to read and could materially influence behavior.