what-antibot

Warn

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's main script (scripts/detect.mjs) explicitly fetches arbitrary target URLs and then reads and parses the returned HTML, headers, and Set-Cookie values — and even extracts and fetches up to 10 same-origin assets in detectAssetLevel — so untrusted third-party webpage content is ingested and used to drive further fetches and detection decisions (see SKILL.md and probe()/fetchAsset()/extractScriptURLs() in scripts/detect.mjs).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 7, 2026, 08:31 PM
Issues: 1