batch-scrape

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs scraping workflows that fetch public documentation from external sites (e.g., Anthropic docs, cursor.com llms.txt, geminicli.com, OpenAI/Gemini sources referenced in each ecosystem's "Step 1: Run Scraping") and then instructs the agent to analyze diffs, adjust filtering, and make commits based on that scraped content, so untrusted third‑party content can directly influence tool use and next actions.