web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and scripts/web-search explicitly perform SearXNG searches and then fetch/scrape arbitrary public URLs with Lightpanda or Agent-Browser (e.g., web-search --scrape / --fetch), so the agent ingests untrusted third-party web content that can materially influence its outputs and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary external pages at runtime (e.g., lightpanda fetch --dump ... "https://example.com" and agent-browser open for URLs returned by SearXNG), injecting that remote page content into the agent context — a clear prompt‑injection vector where fetched pages can directly control model instructions.