openwebninja

Warn

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests public, user-generated web content: see SKILL.md and API catalog entries such as apis/realtime-forums-search/README.md for forums, apis/realtime-web-search and apis/google-ai-mode/README.md for web/AI-overviews, and the web-unblocker entry for arbitrary URL fetching. The workflow shows these results being read, summarized, and used to drive chained API calls or analysis, so untrusted third-party text could materially influence subsequent tool use despite the included "handling untrusted content" guidance.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 7, 2026, 12:43 PM
Issues: 1