web-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and scrapes arbitrary public web pages and search results (e.g., Phase 2 "Initial Fetch" WebFetch prompt, Discovery Mode WebSearch, and Strategy B Browser automation with navigate/read_page/javascript_tool) and then uses that untrusted, third‑party content to choose strategies, extract fields, and trigger actions (auto‑escalation, pagination, clicks), so page content can materially influence tool use and decisions.