riddle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The plugin's tools (riddle_screenshot, riddle_screenshots, riddle_steps, riddle_script, riddle_run) explicitly navigate and scrape arbitrary public URLs and can return screenshots and HAR/network captures from third‑party websites (user-provided URLs), which the agent is expected to read/interpret.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill sends Playwright scripts and automation payloads at runtime to Riddle's API (https://api.riddledc.com), which executes those scripts on remote servers (remote code execution) and is a required runtime dependency.