opencli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and README explicitly instruct use of opencli and Playwright to fetch and snapshot public, user-generated content from sites like Twitter/X, Reddit, Zhihu, Bilibili, Weibo, etc., and the agent is expected to read and act on that content (opencli commands, browser_snapshot and output formatting), which can let third‑party content materially influence agent actions.