opencli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes public, user-generated content from open websites (e.g., Twitter/X, Reddit, Zhihu, Bilibili, Weibo) via opencli and a Playwright fallback—see SKILL.md and references/commands.md which require navigating to target URLs, taking browser_snapshots and running browser_evaluate to read page content—so untrusted third‑party content is ingested and used to drive agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and running remote packages that fetch and execute code (e.g., npm install -g @jackwener/opencli and npx @playwright/mcp@latest) and asks users to install the Playwright MCP Bridge Chrome extension (https://chromewebstore.google.com/detail/playwright-mcp-bridge/kldoghpdblpjbjeechcaoibpfbgfomkn), all of which are required dependencies that will execute remote code to enable agent browser control.