defuddle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs using Defuddle to parse user-supplied web pages (e.g., "defuddle parse --md") to extract content from online documentation, articles, and blogs, which means the agent will fetch and interpret untrusted public web pages as part of its workflow and could be influenced by embedded instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls Defuddle at runtime to fetch arbitrary user-supplied webpages with "defuddle parse --md", so the external URL () is fetched during execution and its fetched content would directly control the agent's prompts/context.