headless-web-scraping

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires a "Target URL or list of URLs to scrape" and contains code that calls fetcher.get(...) and reads response.get_all_text()/page_text to decide fetcher escalation, extract data, and drive follow-up logic (e.g., scrape_urls, scrape_with_fallback), so it fetches and interprets arbitrary public web content that can influence agent actions.