morphiq-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses arbitrary public site content (SKILL.md Step 1: "Fetch {domain}/robots.txt" and "{domain}/sitemap.xml" and select pages) and the runtime script scripts/extract-meta.py (fetch_url) downloads and ingests marketing pages which are then used to compute scores and generate issues/remediation hints, so untrusted third-party page content can materially influence the agent's decisions.