genie-editor-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's main workflow (steps "全局扫描" and "收集上下文") explicitly instructs the agent to fetch and read editor snapshots, nodes lists, and exported context-images from the Chrome extension on arbitrary target webpages (via commands like npx @axhub/genie editor snapshot, editor nodes list, and editor context-images export), which are untrusted/user-provided webpage content and are used to drive editing decisions—meeting the criteria for indirect prompt injection risk.