crawl-xueqiu-timeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly fetches and ingests public, user-generated content from Xueqiu (see SKILL.md and scripts/crawl_xueqiu_timeline_api.py which opens the provided https://xueqiu.com user URL, calls the site API via agent-browser (get_api_data_in_browser) and snapshots the page), so untrusted third‑party posts are read and used to control parsing/paging and output generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The check-agent-browser.sh script can run npm install -g agent-browser --registry=https://registry.npmmirror.com at runtime, which fetches and installs remote code (the agent-browser package) that this skill subsequently executes via agent-browser commands, so https://registry.npmmirror.com is a runtime external dependency that results in executing remote code.