findweb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using findweb to perform Google searches and to "Follow up with WebFetch" on result URLs (search results and target web pages are arbitrary public websites/user-generated content), which the agent is expected to read and synthesize to inform actions and recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). I flag https://bun.sh/install because the skill’s troubleshooting advises running "curl -fsSL https://bun.sh/install | bash", which fetches and executes remote code as a required setup step for the findweb skill.