api-quota-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and snapshots public third-party consoles (e.g., SKILL.md and scripts/query_quota.py instruct browser(action='navigate') to pages like https://console.x.ai/usage, https://aistudio.google.com/apikey, https://console.anthropic.com/settings/billing, https://ai.9w7.cn/console and https://xingjiabiapi.com/home) and then parses those page snapshots for balance/usage, meaning untrusted web content is fetched and interpreted as part of the workflow and can materially affect subsequent reporting/actions.