web-content-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and renders arbitrary public web pages (see SKILL.md examples like read '{"url":"https://example.com"}' and the runtime code in tool.js using lib/fetcher.js and lib/renderer.js), returning extracted text/html/json that an agent is expected to read and act on—so it ingests untrusted, user-controlled third‑party content that could carry indirect prompt-injection instructions.