qiaomu-opencli-explorer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly requires the agent to navigate and fetch/intercept content from arbitrary public websites (e.g., opencli explore/record, browser_navigate, page.evaluate, page.installInterceptor) such as Bilibili, Reddit, Twitter and other user-generated sites, and to parse those JSON/page contents to discover APIs and drive subsequent adapter generation, so untrusted third‑party content can directly influence the agent's actions.