functions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's examples and reference docs (SKILL.md function structure and REFERENCE.md "Parameterized Scraping" and invocation examples) explicitly show browsing arbitrary URLs (e.g., params.url, news.ycombinator.com) and scraping page content with page.goto/$$eval, so the agent will fetch and interpret untrusted public web content as part of its workflow.