treehaus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 1 Step 3 explicitly instructs the agent to fetch and crawl a user-provided URL (start with sitemap.xml, then homepage and key pages) and extract site content (names, logos, text, testimonials, etc.) which the agent will read and use to drive design/build decisions, creating a clear vector for arbitrary third-party content to influence tool actions.