recipe-cleanup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow can fetch arbitrary outsider-authored free text from public web pages when the first argument is a URL (including YouTube watch URLs), via WebFetch/Playwright to extract the description/recipe content and then inject that extracted text into the agent’s LLM context for formatting.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches recipe content at runtime from external URLs (notably YouTube watch pages like https://www.youtube.com/watch?v=VIDEO_ID and arbitrary recipe page URLs fetched via WebFetch/Playwright), and that fetched content is directly used as the input that controls the agent's parsing/formatting instructions.