digikey

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) and the provided scripts (fetch_datasheet_digikey.py and sync_datasheets_digikey.py) explicitly fetch data from public DigiKey APIs, fallback to DigiKey web pages, manufacturer sites and arbitrary direct URLs (including Playwright-driven pages), download and extract/interpret PDF datasheets, and use that extracted content to verify parts and drive sync/manifest decisions—therefore it ingests untrusted third‑party web content that can influence tool behavior.