opencli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly directs the AI agent (see CLI-EXPLORER.md and SKILL.md) to navigate public websites and ingest their JSON/page content via browser_evaluate, installInterceptor, tap and network capture (examples: Twitter/X, Reddit, Xiaohongshu, Bilibili, etc.), which are untrusted, user-generated sources whose responses are parsed and used to synthesize adapters and drive follow-up actions—creating a clear vector for indirect prompt injection.