kepano-defuddle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs using Defuddle to parse user-provided web URLs (e.g., "defuddle parse --md") to extract markdown from online documentation, articles, and blogs, meaning the agent will fetch and interpret untrusted third-party web content that could contain injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs the Defuddle CLI at runtime (defuddle parse --md), fetching arbitrary user-supplied webpages (the passed to defuddle) and returning their content into the agent context, which can directly control prompts via injected page content.