qiaomu-markdown-proxy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches arbitrary public URLs via scripts/fetch.sh (calling r.jina.ai, defuddle.md, agent-fetch) and dedicated fetch_weixin.py and fetch_feishu.py for WeChat/Feishu, then displays the full Markdown and a 3–5 sentence summary in the required "Display Content" workflow step, meaning untrusted, user-generated web content is ingested and presented for interpretation (allowing embedded instructions to influence subsequent actions).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime fetch.sh directly curls external proxies (e.g. https://r.jina.ai/ and https://defuddle.md/) and returns their Markdown into the agent's context (allowing remote content to control prompts), and it may also invoke npx --yes agent-fetch (which downloads and executes remote package code from https://github.com/teng-lin/agent-fetch) — all used at runtime and relied upon by the skill.