content-extract

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses arbitrary public web pages via the web_fetch probe and MinerU fallback described in SKILL.md and implemented in scripts/content_extract.py. These include user-generated sites listed in references/domain-whitelist.md (e.g., mp.weixin.qq.com, zhihu.com, xiaohongshu.com). The skill returns markdown that downstream skills are expected to read and act on, so untrusted third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill invokes mineru_parse_documents.py at runtime with --file-sources "" (e.g., python3 mineru-extract/scripts/mineru_parse_documents.py --file-sources ""), fetching arbitrary external webpages and inlining their markdown into the JSON output intended for downstream summarization, which means a user-supplied external URL is used at runtime and can directly control model input/prompting.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 10:14 PM