opencli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs running OpenCLI commands that fetch public, user-generated content (e.g., "opencli reddit search 'AI'", "opencli youtube transcript ''" in the "Recommended Command Patterns") and describes browser-session tasks that reuse the user's Chrome login to access target websites, meaning untrusted third-party content would be ingested and could influence subsequent agent actions.