defuddle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and parse arbitrary public web pages (e.g., "defuddle parse " and "defuddle parse https://example.com/article --md") and then use that extracted Markdown for summarization/analysis, so untrusted third-party content is ingested and can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes Defuddle at runtime to fetch arbitrary user-supplied webpages (e.g., defuddle parse https://example.com/article), and that fetched page content is then used as the input/context for downstream analysis, so remote content can directly control prompts and enable prompt-injection or malicious payloads.