jeesite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required workflow (see SKILL.md and the scripts/cache_docs.py) automatically fetches and converts public pages from https://jeesite.com/docs/... into cached Markdown and the agent reads/uses that content to answer questions, so it ingests untrusted third‑party web content that could contain instructions influencing actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime caching script (scripts/cache_docs.py) performs live HTTP fetches from https://jeesite.com/docs//, converts the fetched HTML into Markdown, and injects that content into the agent's context to answer queries, so the external URL (https://jeesite.com/docs/) is used at runtime and can directly control prompts.