opencli-operate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to open arbitrary public URLs (open ), inspect DOM/state, run eval (including fetch(...)) and use network --detail to capture API responses (examples: news.ycombinator.com, httpbin.org, eval "fetch('/api...')"), and then use that runtime content to drive interactions and to generate adapters—so untrusted, user-generated web content is read and can materially change the agent's actions.