qiaomu-opencli-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to open arbitrary URLs and run opencli browser state / eval / network (examples: "opencli browser open ", the HN extraction example, and the "Extract HN Stories" / "Navigate" core workflow) so the agent fetches and interprets public, user-generated web content which can materially influence subsequent actions, enabling indirect prompt injection.