clippy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows clippy uses Playwright to read and interact with Microsoft 365 web UI (e.g., "clippy mail", "clippy mail -r", and "clippy respond") so the agent ingests user-generated/untrusted email and calendar content from external senders and can act on it (reply/forward/create events), which could allow maliciously crafted messages to influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's install instructions fetch and run remote code via "git clone https://github.com/foeken/clippy.git" and subsequent execution (bun run src/cli.ts), so the GitHub URL is a runtime dependency that executes externally fetched code.