musicfree-plugin-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the AI to fetch and save HTML and network responses from arbitrary target websites (using Playwright and axios) for offline analysis and to derive API endpoints and request headers (see SKILL.md "步骤 2/3" and references/site-analysis-playbook.md which save requests-search.json/requests-playback.json and page-rendered.html), meaning untrusted public third-party content is ingested and used to drive tooling and decision-making.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs installing/updating plugins from a raw JS URL (e.g. https://raw.githubusercontent.com/用户名/仓库名/分支/文件名.js or the srcUrl like https://example.com/plugin.js), which the application will fetch at runtime and execute as plugin code in the sandbox, so this is a runtime external dependency that can execute remote code.