e-commerce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and scrape public e-commerce sites (e.g., "Check for sitemap.xml", "/products.json", /api endpoints, scrape HTML, use interact for JS-heavy sites and XHR/API calls), meaning it ingests untrusted third-party web content that can influence parsing and downstream actions.