ljg-clip

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2a explicitly uses WebFetch to fetch and extract content from arbitrary user-supplied URLs (public web pages), and that extracted content is parsed, stored, tagged, and can trigger downstream actions like automatic /ljg-xray calls in Step 7, so untrusted third-party content can materially influence agent behavior.