icp-onboarding
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly asks for a website URL and runs scripts/scrape-website.ts to fetch and strip text from the user's public website (homepage, /about, /pricing, /case-studies, etc.), then reads that scraped JSON to pre-fill interview answers and drive ICP decisions, exposing the agent to untrusted third-party web content that can influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill runs scripts/scrape-website.ts at runtime to fetch the user-supplied website (example usage: npx tsx scripts/scrape-website.ts --url=https://example.com) and then reads the scraped HTML/JSON to generate the agent's summary and pre-filled interview prompts, so external site content can directly control agent instructions.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).