opensteer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and navigates arbitrary public URLs and extracts page content (e.g., SKILL.md and cli-reference.md show opensteer open , opensteer.goto(url), opensteer.extract/get-html, and examples.md demonstrates scraping europa.eu and following extracted job URLs), so it ingests untrusted third‑party web content that can directly influence subsequent actions like navigation and extraction.