qiaomu-info-card-designer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly fetches and ingests content from arbitrary public URLs (Step 0: e.g., curl "https://r.jina.ai/{url}", mp.weixin.qq.com fetch script, X/Twitter handling and arxiv HTML/PDF fetching), then requires the agent to read and extract core claims from that untrusted/user-generated content to drive card generation and subsequent actions (HTML generation, layout choice, screenshot/splitting), so third-party pages can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches arbitrary page content at runtime (e.g., curl -sL "https://r.jina.ai/{url}" with fallbacks like "https://defuddle.md/{url}" and direct arXiv HTML/PDF URLs) and then injects that fetched content as the source for summarization/card generation, so remote content can directly control the agent's prompts/output.