site-extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes arbitrary public websites (user-supplied primary URL) — see SKILL.md plus scripts/basic-extract.sh (curl fetches, deep scraping of linked pages) and scripts/firecrawl-extract.sh (calls api.firecrawl.dev and ingests markdown/branding) — and then parses that third‑party content to extract claims/proofs and drive downstream actions (e.g., /page-strategy), so untrusted page content can materially influence agent behavior.