lightpanda

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly exposes fetching arbitrary public URLs via the "fetch" command (e.g., "lightpanda fetch https://example.com") and produces outputs like "semantic_tree_text" intended "适合直接输入给 LLM", and also supports running an MCP server to integrate with AI assistants, so untrusted web content could be ingested and directly influence the agent's decisions.