web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly calls out Tavily/Exa extract and search apps (e.g., infsh app run tavily/extract --input '{"urls": ["https://example.com/article1"]}' and the "Workflow: Extract + Summarize" that feeds extracted web page content into an LLM), which fetches and ingests arbitrary public web pages whose untrusted/user-generated content can influence downstream agent behavior.