web-fetcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests arbitrary third‑party web pages (via Jina Reader, defuddle.md, markdown.new, OpenCLI routes for Reddit/Twitter/Zhihu, and raw HTML) as described in SKILL.md, README.md and implemented in scripts/fetch.py (fetch_via_* and OPENCLI_ROUTES), so untrusted/user‑generated content from public sites will be read and can directly influence the agent's outputs and subsequent actions.