fetch-url

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). 该技能在运行时会对“用户提供的 URL”（外部网页）执行 page.goto(url, ...) 并读取渲染后的页面内容 page.content()，随后用 trafilatura.extract(...) 将网页正文/链接等提取为可读文本进入输出（stdout 或文件），属于“公共 web 内容/外部作者文本经网络抓取后被 LLM 上下文读取”的间接提示注入风险路径。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill runs at runtime on arbitrary http/https URLs (e.g., https://example.com) via Playwright's page.goto, which renders and executes remote page JavaScript in a headless browser (i.e., it executes remote code fetched from the provided URL).