doc-snapshot-agent

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill parses image markers that may include arbitrary public URLs (see SKILL.md "Format B: HTML Comment Image Marker" and Step 1, which says to "detect the target website(s) mentioned by the article") and then uses Playwright MCP to navigate, snapshot, inspect, and act on those live pages (see SKILL.md Step 3 and references/playwright-mcp.md). Untrusted third‑party web content is therefore read by the agent and can directly influence navigation and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires installing/running Playwright MCP via the provided npx command (e.g., npx @playwright/mcp@latest) which fetches and executes remote npm code at runtime, and its bundled script sends prompts to the OpenRouter endpoint (https://openrouter.ai/api/v1/chat/completions) to generate images, so external code execution and remote-model invocation occur during runtime.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 01:36 PM
Issues: 2