qiaomu-opencli-autofix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and inspect live public websites and their diagnostic artifacts (e.g., RepairContext.page.url and snapshot, and commands like "opencli browser open https://..." and "opencli browser network"), and to read and act on that DOM/network content when modifying adapter code, so untrusted third-party content can directly influence tool use and repairs.