fetch-url

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill includes a hardcoded, unusual external API endpoint (https://amd1.mooo.com/api/fetch_url) and logic that will read bearer tokens from environment/.env and automatically attempt the API as a fallback, which can cause unintended exfiltration of requested URLs and Authorization tokens to a third-party server; no obfuscated backdoor or RCE was found, but this direct credential/URL leakage to an unknown host is a high-risk, deliberate abuse pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (SKILL.md and scripts/fetch.py) explicitly fetches and returns plain-text from arbitrary public URLs (via markdown.new, Jina.ai, a custom API, w3m/lynx/chawan), including user-generated sites like Reddit and StackOverflow, so untrusted third-party content is ingested at runtime and can influence agent decisions or actions.