web-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill fetches and extracts content from arbitrary user-supplied URLs using the Jina Reader API (see the --url parameter in the workflow and usage), so the agent ingests untrusted public web content that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches arbitrary, user-supplied URLs at runtime (e.g., "https://example.com" shown in examples) via the Jina Reader API and returns page content optimized for LLM consumption, which can be injected into agent prompts and thus directly control agent instructions.