notion-clipper-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly navigates to and scrapes arbitrary public URLs (see SKILL.md and scripts/main.ts → captureUrl which launches Chrome/CDP to load args.url and runs cleanupAndExtractScript in the page to extract HTML), so it ingests untrusted, user-generated third‑party content as part of its runtime workflow.