tool-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's documentation and required workflow explicitly include web-scraping tools and examples that accept arbitrary URLs (see examples/mcp-consolidation-examples.md "Example 3: Web Scraping (Firecrawl-style)" and SKILL.md's Grey Haven MCP Integration listing the "firecrawl" scraper), which means the agent would fetch and ingest untrusted public web content that could carry indirect prompt injections.