opencli-adapter-author

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md and references/api-discovery.md) explicitly instructs the agent to fetch, browse, eval and parse arbitrary public site content (e.g., using "opencli browser network", "opencli browser eval" / fetch calls, downloading bundles, and installInterceptor) from third‑party sites like eastmoney, xueqiu, bilibili and tonghuashun, and to interpret those responses to discover endpoints, tokens and decide next actions—i.e., untrusted external content can materially influence tool use and behavior.