tinyfish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly sends arbitrary public URLs (the "url" field in requests to https://agent.tinyfish.ai/v1/automation/run-sse, e.g., examples like https://pizzahut.com or user-provided URLs in extract.sh) to scrape open web pages and then ingests and interprets the returned page content, which is untrusted third‑party/user-generated content and could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime POST requests to https://agent.tinyfish.ai/v1/automation/run-sse (and requires a TINYFISH_API_KEY) to perform browser automation and return SSE results, so the external service executes remote code based on provided "goal" instructions and is a required runtime dependency.