extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and scripts/extract.sh explicitly send arbitrary public URLs in the "urls" field to https://api.inspiro.top/extract to retrieve web page content, so the agent ingests untrusted/open-web (user-generated/public) pages that could contain instructions and materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime POST requests to https://api.inspiro.top/extract (and thus fetches arbitrary remote page content) which is returned as raw/markdown and can be injected into the agent's context and thereby directly control prompts; the API endpoint is a required runtime dependency.