deep-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "Xử lý input" section explicitly accepts URLs (http/https) and states "Dùng WebFetch để lấy nội dung", and those fetched third‑party webpages are then read and analyzed by the commands (summary, insights, critique, etc.), exposing the agent to untrusted public content that could influence its actions.