doko-page-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to run "dokobot doko read '' --local" to fetch arbitrary web pages through the user's Chrome session and to "Analyze and summarize content after receiving the raw page text," meaning untrusted public web content (arbitrary URLs) will be ingested and can directly influence agent decisions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues runtime Dokobot fetches like "dokobot doko read '' --local" which pull arbitrary webpage content (the '' target) into the agent's context and the skill explicitly directs the agent to analyze/summarize that content, meaning remotely hosted pages can directly influence agent prompts and behavior.