font-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md workflow (Step 1) and scripts/download_fonts.py explicitly fetch HTML/CSS/JS and download font files from arbitrary website URLs, and scripts/organize_fonts.py reads untrusted font name metadata to decide folder names and reporting, so public third‑party content is ingested and directly influences what the agent downloads, organizes, and reports.