python-sdk-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Runtime path: the SDK’s scraping/search methods (e.g., client.scrape_url(...), client.scrape.<platform>.*, client.search.*) ingest scraped page content / search results from external websites into result.data (readable text/HTML/JSON) that is then placed into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill calls client.browser.get_connect_url() which returns a CDP WebSocket URL (e.g., wss://brd.superproxy.io:9222/...) that is then used with playwright.chromium.connect_over_cdp(url) at runtime to control a remote browser and execute actions/JS, so a runtime external URL is used to execute remote code.