meihua-yishu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts/meihua_gemini.py directly connects to an external gemini.google.com webpage via Chrome DevTools Protocol, sends prompts and extracts the model/web-grounded responses (third‑party web content) which the agent then reads and uses in its workflow—exposing it to untrusted, user/Internet-generated content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime script (scripts/meihua_gemini.py) connects to a running Chrome DevTools endpoint, locates an open gemini.google.com page, and uses the page's WebSocket/CDP connection to inject prompts and execute JS to send/receive Gemini responses at runtime (gemini.google.com), so external content from that URL directly controls the agent's outputs.