pricing-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to scrape open/public vendor pricing pages (e.g., "Scrape-driven", use provided URLs like https://.../pricing and "search ' pricing' and take the top result"), meaning it fetches and ingests untrusted third‑party webpage content that the agent must read and act on to extract pricing tiers.