opencli-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly directs the agent to fetch and programmatically process content from public, user-generated sources (e.g., Reddit, HackerNews, arbitrary web pages via "opencli web read", and many social/news sites) as part of its required workflow (see SKILL.md / README steps for discovering commands, running opencli, and "Present the Results"), which clearly exposes the agent to untrusted third‑party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and invoking the external opencli tool (npm install -g @jackwener/opencli) and may download/execute the Browser Bridge extension from the GitHub repo/releases (https://github.com/jackwener/opencli and https://github.com/jackwener/opencli/releases), which fetches and runs remote code that the skill depends on at runtime.