scraping-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to fetch and process open/public third‑party content (e.g., arbitrary URLs via Crawl4AI and Firecrawl as shown in references/domains/crawl4ai/SKILL.md and references/domains/firecrawl/SKILL.md, plus social and review sources like X/Twitter, Facebook Ad Library, and Trustpilot in the top-level SKILL.md and subskill SKILL.md files), and that fetched untrusted, user-generated content is read/interpreted to drive extraction, crawling decisions, and follow‑on actions—creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The ida-domain-scripting skill explicitly instructs a runtime setup that clones and installs code from GitHub — e.g. https://github.com/HexRaysSA/ida-domain.git — and then runs its setup (uv run python setup.py), which fetches remote code that will be executed as a required dependency.