scrapesocial-facebook

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and ingest public, user-generated Facebook content (pages, posts, comments, groups, and ad library data) via commands like "facebook profiles posts", "facebook comments", "facebook groups posts", and "facebook ads search" (see the Minimal examples and workflows), so untrusted third‑party text is read and used to drive analysis and follow-up actions, enabling indirect prompt injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 04:46 PM
Issues: 1