webpage-to-courseware

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches arbitrary user-provided webpages (via WebFetch and curl) and downloads images (scripts/extract-images.py and scripts/download-images.py) and then parses the HTML and OCRs image contents (Read) as part of its workflow, so it directly ingests untrusted third‑party content that could contain indirect prompt injections.