ljg-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's URL mode (步骤 2) explicitly fetches arbitrary public webpages using WebFetch, curl, requests+BeautifulSoup, or Playwright and then reads/processes that untrusted third-party page content into markdown (and even uses page content to infer filenames), which exposes the agent to indirect prompt injection from web content.