excalidraw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses arbitrary public URLs in Phase 2 ("Scrape my website" — uses WebFetch on a user-supplied URL) and accepts links/screenshots to "match a reference" and also reads/analyzes user-provided articles/transcripts in Phase 3, so the agent ingests untrusted open-web/user-provided content as part of its workflow, which could enable indirect prompt injection.