opencli-social-platforms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses content from public social platforms (e.g., Twitter/X, Reddit, Zhihu, Bilibili, HackerNews) via opencli/Playwright (see SKILL.md commands like opencli twitter timeline -f json, opencli reddit hot -f json, and the "Research across platforms" pattern), so untrusted, user-generated third-party content is ingested and intended to be read/acted on by the agent, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires installing and using the Playwright MCP Bridge Chrome extension (https://chromewebstore.google.com/detail/playwright-mcp-bridge/kldoghpdblpjbjeechcaoibpfbgfomkn) and adding a Playwright MCP server via "npx @playwright/mcp@latest", both of which fetch and execute remote code that the skill relies on at runtime to control the browser and perform actions—meeting the criteria for a runtime-executed external dependency.