zerone-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's font_grabber workflow (references/font-grabber.md) requires the agent to accept a user-provided iconfont CSS URL (e.g., //at.alicdn.com/t/c/font_XXXX.css) and then fetch, parse, and act on that remote CSS (downloading referenced font files and rewriting paths), which clearly ingests untrusted third‑party content that can influence subsequent tool actions.