article

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly downloads and parses arbitrary public web pages (e.g., reader "URL", trafilatura --URL, and curl-based extraction shown throughout SKILL.md) and the agent reads/uses that extracted content (title, body, preview, and potential follow-up actions like creating plans), so untrusted third‑party page content could influence behavior and enable indirect prompt injection.