web-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and skill-router.json explicitly define actions like "scrape", "crawl", "search", and "extract" that fetch and return content from arbitrary public URLs/queries (e.g., input.url passed to /v1/scrape, /v1/crawl, /v1/search, /v1/extract), and the agent is expected to read and act on that untrusted, user-generated web content (including prompt-driven extraction), which could materially influence subsequent tool use.