python-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly enables fetching and scraping arbitrary public web content (e.g., the "Web Scraping" example uses requests.get("https://example.com") and the pre-installed libraries list includes requests, BeautifulSoup, selenium, and playwright), so the agent can ingest untrusted third‑party pages that could contain instructions influencing its actions.