qiaomu-opencli-usage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests untrusted, user-generated third‑party content — e.g., SKILL.md and commands.md document commands like "opencli web read --url" and numerous 🌐 adapters for Reddit, Twitter/X, YouTube, Xiaohongshu, etc., which return public posts/pages (and even support actions like reply/post) that an agent is expected to read and that can influence subsequent tool use.