fill-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches arbitrary external web pages (scripts/02-fetch-content.js uses curl then Playwright to retrieve each item.url) and SKILL.md plus scripts/03-update-from-temp.js require the Agent to read the fetched contentPreview/meta and decide which items to update, so untrusted third-party page content can directly influence agent decisions and subsequent tool actions (updates to mixdao).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill fetches arbitrary external article URLs (item.url values obtained from https://www.mixdao.world/api/latest) at runtime via curl/Playwright in scripts/02-fetch-content.js and then injects the fetched text directly as the user input to the Anthropic model in scripts/03-update-from-temp.js, meaning those runtime-fetched URLs can directly control the agent's prompts.