any2html

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and ingest content from public URLs (e.g., arxiv.org, x.com/twitter via r.jina.ai, mp.weixin.qq.com or “other webpages” using r.jina.ai) and to read and extract core data from that untrusted, user-generated third‑party content as part of its mandatory content‑extraction and decision workflow, enabling indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The HTML template includes a runtime script tag that fetches and executes remote code from https://cdn.tailwindcss.com, and the skill’s markup relies on Tailwind classes (making that external script a required runtime dependency that executes remote code).