search-page-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Step 1: Fetch & Parse" explicitly requires fetching and parsing the provided URL's full HTML/rendered content and domain files (robots.txt, sitemap.xml, llms.txt), so the agent ingests arbitrary public web content that directly drives audit decisions and could enable indirect prompt injection.