medium-paywall-bypass

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and extracts user-generated Medium articles from public mirror services (e.g., WebFetch to https://freedium.cfd/{encoded_url} and archive.today), so the agent will read untrusted third‑party content that could contain injected instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill does not request sudo, file modifications, or account creation, but it explicitly advises bypassing a security mechanism ("dangerouslyDisableSandbox: true"), which encourages disabling protections and thus risks compromising the host.