web-scraper
Warn
Audited by Snyk on Apr 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md and accompanying scripts (scripts/fetch_page.py, scripts/crawl_dynamic.py, and scripts/search_web.py) explicitly fetch and ingest arbitrary public web pages and DuckDuckGo search results as Markdown for downstream synthesis, meaning untrusted third-party content is read and can influence the agent's decisions and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill accepts and fetches arbitrary user-supplied target URLs at runtime (e.g., the example "https://example.com/article" passed to python fetch_page.py or scripts/crawl_dynamic.py), converts remote page content into Markdown that can be injected into model context (thus controlling prompts), and crawl_dynamic.py renders pages with a headless browser that executes the page's JavaScript (remote code execution), so runtime-fetched URLs can both control prompts and execute code.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).