sd-journal-browse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to navigate to and scrape ScienceDirect journal pages (Step 1: navigate_page to {BASE_URL}/journal/{slug} and Step 2: evaluate_script), reading page text, links, and UI (including auto-clicking Cloudflare Turnstile), so it ingests untrusted public web content that can affect navigation and action decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs evasion of anti-bot protections (overriding navigator.webdriver and auto-clicking Cloudflare Turnstile captchas), which is a bypass of security mechanisms even though it does not request sudo, modify system files, or create users.