pinboard-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and scrapes arbitrary public webpages via Jina Reader (Step 3 in "Timeliness Check": CONTENT=$(curl -s "https://r.jina.ai/BOOKMARK_URL")) and also issues HEAD/GET requests to bookmark URLs during Dead Link Detection, then reads and interprets that untrusted third‑party content to drive decisions (delete/mark_evergreen/update tags) as described in SKILL.md, enabling indirect prompt injection from those pages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches bookmark content at runtime via Jina Reader (e.g. https://r.jina.ai/BOOKMARK_URL) and injects that fetched text into the AI timeliness analysis, so externally-hosted content can directly control model inputs and influence agent behavior.