olx-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and scrapes public OLX pages and APIs (e.g., cmd_search builds and GETs https://www.olx.com.br category/search pages and cmd_details GETs arbitrary listing URLs, then parses JSON-LD/og/meta/window.dataLayer), which are user-generated/untrusted marketplace listings that the agent reads and interprets as part of its workflow, exposing it to indirect prompt injection.