search-and-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly performs web searches (WebSearch, MCP, agent-browser) and fetches/arbitrarily ingests page content via crwl or agent-browser in Fetch Mode (extracting and analyzing full text and returning structured analysis or triggering saves), which clearly exposes the agent to untrusted public web content (search engines and arbitrary URLs) that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches arbitrary external pages at runtime via commands like "crwl -o md-fit" and "agent-browser open " and injects the fetched content into the model context for analysis, so user-supplied URLs (crwl / agent-browser open ) can directly control prompts.