scrapeninja

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to call the /scrape and /scrape-js endpoints with an arbitrary "url" parameter (e.g., the Cheerio extractor example for "https://news.ycombinator.com") and returns page "body" and extracted data, meaning it fetches and ingests untrusted public web content that can directly influence parsing, extraction, and subsequent actions.