crawl-xueqiu-user-timeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and fetches user-generated posts from the public site xueqiu.com (see scripts/crawl_xueqiu_user_timeline_api.py: fetch to 'https://xueqiu.com/v4/statuses/user_timeline.json' and open_page(url)), parses and includes that content in output, and SKILL.md instructs to ask whether to summarize/analyze the fetched posts—so untrusted third‑party content is read and can be fed into follow-up analysis (potential indirect prompt injection).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script scripts/check-agent-browser.sh may run at runtime to install the required agent-browser package via npm using the registry URL https://registry.npmmirror.com, which fetches remote code that will be installed and executed (agent-browser CLI) and is a required dependency for the skill.