html-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and patterns (SKILL.md and references/patterns.md) explicitly instruct fetching and ingesting open/public third-party content—e.g., "Fetching CORS-Enabled APIs", "GitHub Raw Content", and the "Useful CORS-Enabled APIs" list including Mastodon, Bluesky, iNaturalist, and raw.githubusercontent.com—so the agent will read and act on untrusted, user-generated web content as part of its normal operation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs loading and running remote runtime code (for example the Pyodide script src "https://cdn.jsdelivr.net/pyodide/v0.27.0/full/pyodide.js"), which is fetched and executed in-browser at runtime and can also install/run additional packages, so it is a required runtime external dependency that executes remote code.