font-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses HTML/CSS/JS from arbitrary public websites (see SKILL.md Step 1: "Fetch the page HTML" and "search the JS bundle(s)" and the scripts that download font URLs), and then downloads and processes font files from those third-party URLs, so untrusted web content can directly influence which resources are fetched and how the agent acts.