visit-webpage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches arbitrary public webpages through the Jina Reader proxy (fetch_webpage builds requests to https://r.jina.ai/{url}) and downloads images from user-supplied URLs (check_content_type / download_image in visit.py), returning untrusted, third-party page content as markdown for the agent to read and act on, so those pages could contain instructions that materially influence subsequent behavior.