opencli-repair

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to open and inspect live public websites (Step 3 "Explore the Current Website" using commands like "opencli operate open https://example.com/target-page") and to read the diagnostic RepairContext fields (page.url, page.snapshot, networkRequests) so the agent must interpret untrusted, user-generated/third-party page content to decide and perform repairs, which can materially change tool actions.