jina-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill (SKILL.md and scripts/reader.sh) explicitly fetches and returns arbitrary web content via Jina Reader endpoints (e.g., curl to https://r.jina.ai/${INPUT} and https://s.jina.ai/${ENCODED_QUERY} in read/search modes), so untrusted public webpages and search results are ingested and presented in the agent's workflow and can materially influence outputs or decisions.