content-parser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts arbitrary HTTP(S) URLs and submits them to the content extraction API (see "Step 1: URL Input" and the workflow's POST /v1/content/extract), and references supported public platforms (references/supported-platforms.md) including social media and general web pages, so untrusted third-party content will be fetched and interpreted as part of the agent's workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the content-extraction API (https://api.marswave.ai/openapi/v1/content/extract) and relies on the API to fetch arbitrary user-supplied web content which is returned and injected into the agent’s context (thus allowing remote content to directly control prompts), so this is a high-confidence runtime dependency risk.