scrapeninja

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs calling ScrapeNinja endpoints (/scrape, /scrape-js) with an arbitrary "url" and returns untrusted public webpage content (info.body, info.catchedAjax, extractor results) which the agent is expected to read/interpret as part of its workflow, allowing third-party page content to influence subsequent actions.