web-article-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and usage examples explicitly navigate to and extract content from arbitrary public URLs (e.g., navigate({tabId, url: targetUrl}) and examples for mp.weixin.qq.com, medium.com, zhihu, batch URL lists) and then parse/act on that webpage text (extractWithReadability, convert-to-Markdown, download images, analyze content), so untrusted third‑party web content is ingested and can materially influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs launching Chrome DevTools with flags like --disable-web-security and other automation-bypass options to "绕过常见的安全限制", which is a deliberate instruction to bypass browser security protections even though it doesn't request sudo, system-file edits, or user creation.