agent-reach-internet-access

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md shows the agent fetching and reading untrusted, user-generated web content (e.g., web pages via r.jina.ai, tweets via twitter-cli, Reddit via rdt-cli, YouTube via yt-dlp, RSS feeds, Exa web search, Weibo/V2EX/XiaoHongShu, and GitHub) and includes workflow examples (e.g., "Scrape Twitter Thread for Research", "Read Web Page Content for Analysis") that require the agent to parse that third-party content and act on it, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls https://r.jina.ai at runtime to fetch and return arbitrary web page content (converted to markdown) that is injected into the agent's context and can therefore directly influence or control prompts/instructions.