extract-project-logo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly visits and scrapes arbitrary public third-party sources—project homepages/brand kits via Playwright, GitHub repositories, Twitter/X avatars, CoinGecko, and image-search results—so the agent will ingest untrusted, user-generated web content as part of its workflow.