google-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's vendor/web-search.mjs and SKILL.md explicitly perform Google searches and then open and scrape arbitrary result URLs—using site-specific extractors for dev.to, reddit, x.com, lobste.rs and a generic extractor—to ingest public, user-generated page bodies and comments, which can directly influence agent outputs and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill uses chromux at runtime to open and eval against external web pages (starting with https://www.google.com/search?q=... and then visiting result URLs such as dev.to, reddit.com, x.com) and extracts/returns page bodies and comments — meaning arbitrary remote content (and page JS) is fetched during execution and injected into the agent's output/context.