scrapeninja

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes ScrapeNinja as "a web scraping API that allows users to extract data from websites programmatically" and shows workflows (e.g., using membrane action create / action run) that build and execute scraping actions which ingest arbitrary public website content that the agent is expected to read and act on, exposing it to untrusted third‑party content that could contain indirect instructions.