fetch-rendered

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill runs a local render server that fetches arbitrary URLs via the /render?url=... endpoint (see SKILL.md usage examples) and returns page text content, so it clearly ingests untrusted, user-provided web pages that the agent would read and could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime server endpoint http://localhost:3456/render fetches arbitrary external URLs supplied via the "url" parameter (e.g., https://open.larksuite.com/document/client-docs/bot-v3/add-custom-bot) and returns the rendered page text which would be injected into/used by the agent, so remote content can directly control prompts.