til

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and interprets user-generated content from the OpenTIL site (e.g. GET /entries, GET /tags, GET /categories calls described in SKILL.md and references/management.md) and uses that content in workflows like /til edit, /til publish, /til search and /til sync to decide and perform API actions, so untrusted third‑party content could influence the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs running an external npm package at runtime (e.g. "npx @opentil/cli@latest update ..." and image upload via npx @opentil/cli image upload ...) and explicitly queries the registry URL https://registry.npmjs.org/@opentil/cli/latest, which fetches and executes remote code that the skill relies on for update/image-upload flows.