xcrawl-crawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and API usage (POST https://run.xcrawl.com/v1/crawl with a user-supplied url and the Result response data[] fields like html, markdown, links, and json) clearly fetch and return raw content from arbitrary public websites, which are untrusted third-party sources that the agent is expected to read and which can materially influence downstream decisions and actions.