scrapeninja

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts arbitrary public URLs via the required "url" parameter and uses the /scrape and /scrape-js endpoints to fetch page bodies, screenshots, and intercepted AJAX responses (e.g., returned "body" and "catchedAjax"), therefore it ingests untrusted open-web/user-generated content that could carry indirect prompt injection.