kaggle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly scrapes and ingests public Kaggle pages (e.g., Playwright navigation to https://www.kaggle.com/competitions/{slug}/overview, /evaluation, /leaderboard, and writeups) as part of the comp-report workflow (modules/comp-report/README.md Step 4 and Step 4b) so untrusted, user-generated content is read and used to compose reports and influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly invokes the Kaggle MCP endpoint (https://www.kaggle.com/mcp) and Playwright MCP tools at runtime to run remote browser/code actions and return scraped content that is injected into the agent's context, which constitutes a runtime external dependency that can execute remote code and influence agent behavior.