llm-wiki-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to ingest and process arbitrary public URLs and social content (e.g., "Ingests articles, tweets, PDFs, YouTube transcripts, WeChat posts" and the "Add this article to my wiki: https://example.com/article" / npx baoyu-url-to-markdown and uvx youtube-transcript / wechat-article-to-markdown examples), which means the agent will fetch untrusted, user-generated third‑party content and use it to generate or update wiki pages and drive subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running remote install scripts at runtime (e.g., "curl -fsSL https://bun.sh/install | bash" and "curl -LsSf https://astral.sh/uv/install.sh | sh"), which fetch and execute remote code as required prerequisites for web/uv extraction tools, so they present clear runtime-execution risk.