swirls-lang

Warn

Audited by Snyk on Apr 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly documents "scrape" (firecrawl) nodes that fetch arbitrary web pages (e.g., SKILL.md / AGENTS.md "node scrape_page" with url: @ts { return context.nodes.root.input.url }) and shows that scraped page content is used in downstream prompts (e.g., AI node prompt: @ts { return "Summarize: " + context.nodes.root.output.body }), so untrusted third‑party pages can materially influence the agent's actions and enable indirect prompt injection.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 02:42 AM
Issues: 1