polpo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core docs and tool catalog (references/tools.md and references/patterns.md in SKILL.md) explicitly expose agents to arbitrary web content via tools like http_fetch, search_web and the full browser_* Playwright suite (and show agent patterns using them for "research" and "browser automation"), meaning the agent will fetch and interpret untrusted public web pages as part of its workflow.